Data breach alert: Popular restaurant chains hit by card-stealing malware

Data breach alert: Popular restaurant chains hit by card-stealing malware
© ProductionPerig | Dreamstime.com

Data breaches don’t only affect websites or digital platforms. Real-world businesses and locations can also be affected by these devastating cybercrimes. In fact, the results can sometimes be worse for consumers when a brick-and-mortar store is hacked than a social media or messaging app.

The reason for this is purely financial. When hackers attack a business, they’re often after data that can put money in their pockets. Typically, this comes in the form of the credit card data that passes through a business’s point of sale system (POS) every day. Tap or click to learn about the last major restaurant POS hack.

And now, another chain of dining establishments has fallen victim to cybercriminals. During a seven-month window, visitors to these restaurants had their credit card data siphoned by malware. And now, that data might be floating around on the Dark Web. If you went to these restaurants, you might want to call your card issuer.

Landry’s group targeted by massive malware operation

According to new reports from BleepingComputer, POSs belonging to the Landry’s restaurant group were targeted in a large, coordinated malware attack between March 2019 and October 2019 (although some locations may have had malware present as early as January).

In a briefing published by the company, Landry’s detected an unauthorized user on their restaurant payment systems. Upon further investigation, this user appeared to have installed credit card-stealing malware across hundreds of restaurants.

Under “rare circumstances,” this malware could have been used to steal credit card data — including credit card numbers, names, expiration dates and security codes. Emphasis is placed on “rare circumstances,” due to the fact that Landry’s POS systems are backed up with end-to-end encryption…for the most part.

But not every system at Landry’s enjoys this level of protection. Some Landry’s locations use order entry systems that lack end-to-end encryption, and if a card was scanned by a server using these systems, it’s possible that data could have been stolen.

Out of an abundance of caution, Landry’s has contacted customers it believes may have been affected by the breach. It’s urging anyone who has dined at these restaurants between Jan. 18, 2019, and Oct. 17, 2019 to contact their card issuers.

Landry’s owns more than 600 restaurants, and notable brands include family-friendly outlets like Rainforest Cafe and Bubba Gump Shrimp. It also manages several high-end establishments like Morton’s and Mastros, which are some of the most popular steakhouses among the U.S. business elite.

Was I affected? What can I do?

If you were affected by the breach, you may have received a letter or email from Landry’s with more details on your risk factors. To know for sure if you were affected, check your bank or card statements for visits to restaurants in the Landry’s group between Jan. 18, 2019, and Oct. 17, 2019.

If you visited a Landry’s restaurant during this period, you may be at risk. While you’re looking at your statements, it’s also worth checking for any unrecognized or fraudulent charges that may have appeared. Because the breach has been documented, you may be able to have any fraudulent charges reversed.

Additionally, it may also be in your best interest to set up a credit freeze until you’re 100% sure your identity isn’t at risk of being stolen. Credit freezes prevent any new accounts from being opened using your credit score, and can potentially save you from identity theft. Tap or click to see more benefits of a credit freeze.

With so many security breaches starting to hit brick-and-mortar outlets, it might be worth carrying cash for the time being. Of course, if you’re ordering or shopping online, there are much safer ways to pay than using your card. Tap or click to learn the safest ways to pay online.

Tags: breaches, credit freeze, cybercriminals, identity theft, malware, security