Breach, Threat Management, Data Security, Malware

Attackers sink their meathooks into Landry’s restaurants’ payment card data

The Houston-based steakhouse, restaurant and hospitality company Landry's, Inc. has advised customers of a point-of-sale malware attack that stole payment card data from an order-entry system used to process kitchen and bar orders.

According to a company breach notification, Landry's food and beverage locations typically use point-of-sale terminals featuring end-to-end encryption technology that protects the data stored on payment cards' magnetic stripes. Orders placed on these devices were safe. However, at least some of these outlets also feature a second system intended to enter kitchen and bar orders and to swipe Landry’s Select Club reward cards. This secondary payment system does not feature the same level of protection.

In cases where the waitstaff mistakenly swiped customers' cards on the devices lacking encryption, the payment data may have been stolen in plaintext by the attackers.

Landry's has defined the timeframe of the data breach at most locations as approximately March 13, 2019 through Oct. 17, 2019. The company said a "small number of locations" may have been infected as early as Jan. 18.

"During the investigation, we removed the malware and implemented enhanced security measures, and we are providing additional training to waitstaff," the company notification states. "In addition, we continue to support law enforcement's investigation."

Landry's 60 brands include Landry's Seafood, Chart House, Saltgrass Steak House, Bubba Gump Shrimp Co., Claim Jumper, Morton's The Steakhouse, McCormick & Schmick's, Mastro's Restaurants, Rainforest Cafe, and the Golden Nugget hotels and casinos. The company owns and operates more than 600 properties.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.