BreachExchange mailing list archives
Houston billionaire's restaurant co. reports data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 6 Jan 2020 09:08:47 -0600
https://www.bizjournals.com/houston/news/2020/01/02/houston-billionaires-restaurant-co-reports-data.html Houston-based restaurant giant Landry's Inc. recently discovered malware in its systems that might have accessed payment card data for certain customers, according to a press release issued late Dec. 31. Since 2016, Landry's has been using end-to-end encryption technology on point-of-sale terminals at all Landry's-owned locations, the release noted. However, the affected customers' cards were mistakenly swiped by waitstaff on different devices, which are used to enter kitchen and bar orders. The release describes such incidents as rare. The malware Landry's recently discovered searched for track data — which could include the cardholder name in addition to card number, expiration date and internal verification code — on cards mistakenly swiped on the order-entry system. In some cases, only part of the information was identified. The malware was not able to access data of payment cards correctly swiped on point-of-sale terminals, as Landry's said the end-to-end encryption technology was functioning correctly. In general, the malware might have accessed cards swiped on the order-entry system between March 31, 2019, and Oct. 17, 2019. But access might have occurred as early as Jan. 18, 2019, at a small number of locations. Once the unauthorized access was discovered, Landry's launched an investigation with the assistance of a leading cybersecurity firm, per the release. The malware was removed, and Landry's implemented enhanced security measures and is providing additional training to waitstaff. The company also continues to support a law enforcement investigation, though it provided no further details. Customers are encouraged to always closely monitor their payment card statements and immediately report unauthorized charges to their financial institution, per the release. Landry's has provided a list of additional steps customers can take here. For additional questions, customers may call 833-991-1538 from 8 a.m. to 8 p.m. Central Time Monday through Friday. In late 2015, Landry's reported a similar incident in which data from payment cards was compromised. That incident led to a lawsuit involving JPMorgan Chase Bank NA and its payment processing and merchant acquiring business, Paymentech LLC, as well as Visa and Mastercard. That lawsuit is ongoing, with a pretrial conference scheduled for Jan. 15, according to court documents. Worldwide, Landry’s operates more than 600 locations of high-end and casual dining establishments across more than 60 brands. Landry's also just closed on the purchase of sister steakhouse chains Del Frisco’s Double Eagle Steakhouse and Del Frisco’s Grille in early November, won court approval for its $37.2 million bid to acquire bankrupt Seattle-based Restaurants Unlimited Holding Corp. in September and won court approval to acquire the assets of Houlihan's Restaurants Inc. parent company HRI Holding Corp. in late December. In Houston, the company recently opened a Saltgrass Steak House location at the George R. Brown Convention Center downtown and rebranded McCormick & Schmick’s Seafood & Steaks as M&S Seafood, Steaks & Oysters, starting with the Uptown Park location. Local billionaire Tilman Fertitta is the chairman, president and CEO of Landry's. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Houston billionaire's restaurant co. reports data breach Destry Winant (Jan 06)