Hackers Take A Bite Out Of Eataly’s Payment Data

The payment information of patrons who frequented Eataly’s New York City retail location earlier this year may have been compromised by a data breach, the upscale Italian food market company announced late last week.

The company’s website provides details on the “potential security incident,” warning customers who made payment card purchases at the NYC location between Jan. 16 and April 2 to immediately check their bank accounts.

“Based upon an extensive forensic investigation, it appears that criminals unscrupulously hacked our network system and installed a malware designed to capture payment card transaction data,” the company said in a statement.

The company launched its investigation shortly after several employees, who also made purchases at the eatery, reported fraudulent charges on their cards, reported CBS New York.

The malware has since been removed and Eataly confirmed additional security measures are in place to maintain system security.

“Earning our customers’ trust is our highest priority, and we deeply regret that this incident occurred. We have been working non-stop in an effort to ensure the security of our point-of-sale environment and to protect our guests’ personal information from potential misuse,” the company’s website explained.

According to Eataly’s FAQs regarding the incident, the malware most likely captured the name, card number, card expiration date and the CVV security code of all affected customers. There is no indication the hackers accessed the company’s system at the Eataly New York City restaurant, Eataly’s Chicago location, international locations or its online store.

The retailer said that the incident has since been contained, and said it will offer affected customers one year of complimentary fraud resolution and identify protection services.

“Eataly is working with a third party point-of-sale system provider to ensure that your payment card information is secure throughout the transaction process,” Eataly wrote in a FAQ response. This includes installing encrypted swiping machines, increasing monitoring of the systems, and implementing other system improvements.”

To check out what else is HOT in the world of payments, click here.



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.

Click to comment