The Catch Hospitality Group is notifying customers of its New York City restaurants of a POS malware incident that may have compromised their payment cards.
Catch NYC (including Catch Roof) and Catch Steak had payment card skimming malware injected into the POS systems in use at the restaurant bars that searched for track data which could include cardholder’s names, card number, expiration date and internal verification code. The mobile POS devices the wait staff uses at the tables were not affected as these use point-to-point encryption to communicate with the corporate payment network, Catch reported.
The issue at Catch NYC (including Catch Roof) lasted from March 19, 2019 through October 17, 2019 and at Catch Steak from September 17, 2019 through October 17, 2019.
An outside security firm has removed the malware, which was not named, and enacted additional security measures.
Catch did not reveal when the malware was discovered.