U.S. restaurant chain Landry’s announced on Thursday (Jan. 2) that it had been the victim of a malware attack that almost stole customers’ payment data. According to reports, while the malware affected all point-of-sale terminals at Landry’s locations, it was unable to actually steal data from the majority of customers due to the end-to-end encryption technology the chain has employed for years.
Landry’s owns and operates more than 600 chains, including bars, restaurants, hotels, food and beverage outlets, and casinos. These include over 60 different brands, such as Landry's Seafood, Chart House, Saltgrass Steak House, Claim Jumper, Morton's The Steakhouse, Mastro's Restaurants and Rainforest Cafe.
According to a breach notification this week, the malware attack was likely designed to search for and steal customers’ credit card data, including credit card numbers, expiration dates, verification numbers and even the cardholders’ names, in some cases. The only lasting damage came from incidents where the malware affected the card readers used to enter payments for kitchen and bar orders, as well as swipe Landry’s Select Club rewards cards. Landry’s said those incidents were rare, and that Select Club rewards cards had not been affected.
Landry’s did not have information as to how many people had been affected, only noting that it has been notifying the customers affected. In some situations, the cardholders’ names were not identified by the malware, Landry’s said.
The firm added that the malware was active between March 13, 2019 and Oct. 17, 2019 for swipe cards, and, in some cases, had been installed as early as Jan. 18, 2019. However, Landry’s assured that it had taken precautions like adding more cybersecurity, and providing more training to waitstaff.
Landry’s urged customers who knew that they’d used a debit or credit card at its locations to stay vigilant, check their card activity for anything suspicious and, if they did find something, report it to law enforcement as soon as possible.