Landry Restaurant Chain Breached Posted by AVCU on 11:30 AM

As reported by CU InfoSecurity the Houston-based Landry's restaurant chain of over 600 restaurants, hotels, casinos and other entertainment establishments is investigating an apparent data breach after its security team found malware within a system.  The exact size and scope of the breach is not known, but Landry's began notifying customers on 12/31.  The security incident appears to have started around 3/13 and lasted until about 10/17.

This is the second time in the last 4 years that Landry's has been hit with malware targeting payment information. In 2016, the company announced it had investigated attacks at its restaurants and other properties dating back to 2014 and 2015.

It appears that some customers' payment card data was exposed as a result of the malware when waitstaff at some locations mistakenly swiped cards on terminals used to enter kitchen and bar orders, rather than on the more secure payment terminals, according to the company.

The unidentified malware tracks data found on the magnetic stripe of payment cards, and can include the cardholder name, the card number, expiration date and internal verification code. In some cases, the malware only identified the part of the magnetic stripe that contained payment card information without the cardholder name.  Because Landry's used end-to-end encryption within its point-of-sale devices, the malware couldn't read or collect most payment and credit card data it collected, the company states. But when the staff swiped cards at the other terminals, customer data may have been exposed, it acknowledges.

The potentially involved Landry establishments are listed online.