Landry’s-owned chain of restaurants announced a malware which affected the end-to-end encrypted system of all point-of-sales card machines.
About 63 of Landry’s food and beverage and hospitality concepts have been affected. The breach happened when some staff members use the POS to enter orders instead of paying out customers. The device used doesn’t have the same security feature of the ones used for payments.
The breach leads to exposure of credit card information of customers, especially those who swiped their cards between March 13 and October 17, 2019.
Some of the big restaurants affected include Morton’s, Bubba Gump, and Rainforest Café.
According to Landry’s statement, “Besides the encryption devices used to process payment cards, our restaurants and food and beverage outlets also have order entry systems with a card reader attached for waitstaff to enter kitchen and bar orders and to swipe Landry’s Select Club rewards cards.”
“It appears that waitstaff may have mistakenly swiped payment cards on the order entry systems. The payment cards potentially involved in this incident are the cards mistakenly swiped on the order-entry systems,” said the company in a statement.
Landry’s notes that hackers are able to access card information as early as January 18, 2019. However, only the part of the magnetic striped was exposed and not the cardholder name, as confirmed by Landry’s.
New Technology, New Exposures
For security analysts like Pulse Secure CEO Sudhakar Ramakrishna, businesses are forced to implement new technologies that open up the possibilities of exposures. In this particular incident, lack of training of staff can tamper the security paraphernalia in place and accidentally opens a portal to expose sensitive data.
Ramakrishna also added that “Even with data protection mechanisms enabled, hackers were able to exploit older POS systems with malware to gain access to customer data. To manage the growing range of attack vectors, businesses need to adopt a Zero Trust model that engages security verification from user systems and IoT devices to networks and applications.”
The need for more cohesive controls is a way to secure the digital ecosystems of modern security devices.
Restaurants and hospitality establishments are prime targets of hackers because of traditional security on payment systems. Because of the vulnerabilities and weaknesses of the payment systems, attackers can easily come through and steal sensitive debit and card data.
Landry’s advises customers to check card statements for malicious activities or movements.