Dining, hospitality and entertainment corporation Landry’s notified customers of a security incident that might have affected their payment card data.
On December 31, Landry’s revealed that it first learned of the incident after it detected unauthorized activity on the payment processing systems for its restaurant outlets as well as its food and beverage locations.
The corporation said that it had launched an investigation with the help of a leading digital security firm. This effort revealed that malware had infected its payment processing systems, it explained, but that end-to-end encryption it had implemented on its point-of-sale terminals years ago had successfully safeguarded customers’ information.
However, the investigation found evidence that the malware might have exposed the details of payment cards mistakenly swiped by waitstaff on order-entry systems near the kitchen and bar.
Landry’s did not clarify whether those systems were using end-to-end encryption at the time of the incident, which is believed to have occurred between March 13, 2019 to October 17, 2019.
A full list of locations potentially affected by the payment card incident is available here.
Following its investigation, the corporation removed the malware from its systems, notified law enforcement, implemented new security measures on its computer systems and began providing additional training to waitstaff. It also urged customers potentially affected by the data breach to watch for signs of suspicious activity on their payment cards. As quoted in its statement:
It is always advisable for customers to closely monitor their payment card statements for any unauthorized activity. Customers should immediately report any unauthorized charges to the financial institution that issued the card because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of the payment card.
Customers might also consider taking additional steps to protect themselves against identity thieves. They can use this resource to coordinate their efforts.