Landry’s Inc. is notifying customers of an incident that was recently identified and addressed involving payments cards.
According to the company, in rare circumstances, payment cards appear to have been mistakenly swiped by waitstaff on devices used to enter kitchen and bar orders, which are different devices than the point-of-sale terminals used for payment processing.
Beginning in 2016, Landry’s installed a payment processing solution that uses end-to-end encryption technology at all Landry’s owned locations.
The company recently detected unauthorized access to the network that supports its payment processing systems for restaurants and food and beverage outlets.
Landry’s immediately launched an investigation, and a leading cybersecurity firm was engaged to assist.
The investigation identified the operation of malware designed to access payment card data from cards used in person on systems at its restaurants and food and beverage outlets.
However, the end-to-end encryption technology on point-of-sale terminals, which makes card data unreadable, was working as designed and prevented the malware from accessing payment card data when cards were used on these encryption devices.
According to Landry’s, it appears waitstaff may have mistakenly swiped payment cards on the order-entry systems, which are used for Landry’s Select Club rewards.
Landry’s owns Saltgrass Steak House, Tower of the America’s, Landry’s Seafood, Morton’s Steakhouse, Bubba Gump Shrimp Co., Rainforest Cafe and Joe’s Crab Shack locations through out Central Texas including Austin, San Antonio, Round Rock, Bee Cave and San Marcos.
The general timeframe when data from cards mistakenly swiped on the order-entry systems may have been accessed is March 13, 2019 to October 17, 2019.
At a small number of locations, access may have occurred as early as January 18, 2019. A full list of Landry’s owned restaurants and food and beverage outlets involved is available here.
Landry’s said, “During the investigation, we removed the malware and implemented enhanced security measures, and we are providing additional training to waitstaff. In addition, we continue to support law enforcement’s investigation.”
Customers are advised to closely monitor their payment card statements for any unauthorized activity.
Customers should immediately report any unauthorized charges to the financial institution that issued the card because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.