The popular US restaurant chain Landry’s disclosed a security incident, its point of sale (POS) systems have been infected with malware specifically developed to steal customers’ payment card information (i.e.
Landry’s owns and operates more than 600 restaurants, bar, hotels, and casinos with over 60 popular brands, including Landry’s Seafood, Saltgrass Steak House, Chart House, Bubba Gump Shrimp Co., Claim Jumper, McCormick & Schmick’s, Morton’s The Steakhouse, Mastro’s Restaurant, Rainforest Cafe, Del Frisco’s Grill, and many more.
“Landry’s recently detected unauthorized access to the network that supports our payment processing systems for restaurants and food and beverage outlets. We immediately launched an investigation, and a leading cybersecurity firm was engaged to assist.” reads the breach notification published by the company. “Although the investigation identified the operation of
The company pointed out that despite the
The security breach notice states that the Landry’s outlets also use order-entry systems with a card reader attached for waitstaff to enter kitchen and bar orders and to swipe Landry’s Select Club reward cards.
The breach may have involved payment cards that the
“Besides the encryption devices used to process payment cards, our restaurants and food and beverage outlets also have
At the time of writing it is not clear the extent of the infection.
The POS malware remained active in the restaurant chain systems between 13th March 2019 and 17th October 2019, but at some locations, the initial infection may be dated as early as 18th January 2019.
Landry’s launched an investigation that allowed it to identify the malware and completely remove it from the infected systems, the company also announced to have enhanced security measures.
“During the investigation, we removed the malware and implemented enhanced security measures, and we are providing additional training to
Customers that have used their debit or credit card at any of the Landry’s outlets last year should stay vigilant, monitor their payment card statements for any suspicious activity and immediately report any fraudulent activity to their bank and local law enforcement.
(SecurityAffairs – Landry’s, PoS malware)