Malware on POS at Landry’s restaurants leave payment card data exposed

The point-of-sale terminals at Landry’s restaurants have been hit with malware which intended to steal customer card data.  

Landry’s operates restaurants including Bubba Gump, Rainforest Café and Morton’s The Steakhouse, among others.

The company recently discovered an unauthorized access to the network supporting its payment processing systems used by its outlets. This malware was designed to steal payment card data but due to the end-to-end encryption technology implemented into its POS terminals, the virus was unable to access or decrypt the information.

However, its restaurants also use an order-entry system with a built-in card reader which let waitstaff enter kitchen and bar orders and swipe Landry’s Select Clue reward cards. The restaurant chain believes a select few of its waitstaff mistakenly swiped payment cards on the order-entry system and could have had their card data stolen by the malware.

The malware searched for ‘track data’ which often includes cardholder name, card number, expiration date and internal verification code details. Payment cards swiped on the order-entry systems may have had their payment card data stolen. In certain incidents only part of the magnetic stripe was exposed, meaning the card information was accessible but not the cardholder name.

This malware was believed to be active from March 13 2019 through to October 17 2019.

Following the discovery, Landry’s removed the malware and implemented enhanced security measures. It is also providing additional training for its waitstaff.

Anyone who has visited one of the Landry’s restaurants is being advised to monitor their payment card statements for unauthorized activity.

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.