[BreachExchange] Houston billionaire's restaurant co. reports data breach

Destry Winant destry at riskbasedsecurity.com
Mon Jan 6 10:08:47 EST 2020


https://www.bizjournals.com/houston/news/2020/01/02/houston-billionaires-restaurant-co-reports-data.html

Houston-based restaurant giant Landry's Inc. recently discovered
malware in its systems that might have accessed payment card data for
certain customers, according to a press release issued late Dec. 31.

Since 2016, Landry's has been using end-to-end encryption technology
on point-of-sale terminals at all Landry's-owned locations, the
release noted. However, the affected customers' cards were mistakenly
swiped by waitstaff on different devices, which are used to enter
kitchen and bar orders. The release describes such incidents as rare.

The malware Landry's recently discovered searched for track data —
which could include the cardholder name in addition to card number,
expiration date and internal verification code — on cards mistakenly
swiped on the order-entry system. In some cases, only part of the
information was identified. The malware was not able to access data of
payment cards correctly swiped on point-of-sale terminals, as Landry's
said the end-to-end encryption technology was functioning correctly.

In general, the malware might have accessed cards swiped on the
order-entry system between March 31, 2019, and Oct. 17, 2019. But
access might have occurred as early as Jan. 18, 2019, at a small
number of locations. Once the unauthorized access was discovered,
Landry's launched an investigation with the assistance of a leading
cybersecurity firm, per the release. The malware was removed, and
Landry's implemented enhanced security measures and is providing
additional training to waitstaff. The company also continues to
support a law enforcement investigation, though it provided no further
details.

Customers are encouraged to always closely monitor their payment card
statements and immediately report unauthorized charges to their
financial institution, per the release. Landry's has provided a list
of additional steps customers can take here. For additional questions,
customers may call 833-991-1538 from 8 a.m. to 8 p.m. Central Time
Monday through Friday.

In late 2015, Landry's reported a similar incident in which data from
payment cards was compromised. That incident led to a lawsuit
involving JPMorgan Chase Bank NA and its payment processing and
merchant acquiring business, Paymentech LLC, as well as Visa and
Mastercard. That lawsuit is ongoing, with a pretrial conference
scheduled for Jan. 15, according to court documents.

Worldwide, Landry’s operates more than 600 locations of high-end and
casual dining establishments across more than 60 brands. Landry's also
just closed on the purchase of sister steakhouse chains Del Frisco’s
Double Eagle Steakhouse and Del Frisco’s Grille in early November, won
court approval for its $37.2 million bid to acquire bankrupt
Seattle-based Restaurants Unlimited Holding Corp. in September and won
court approval to acquire the assets of Houlihan's Restaurants Inc.
parent company HRI Holding Corp. in late December. In Houston, the
company recently opened a Saltgrass Steak House location at the George
R. Brown Convention Center downtown and rebranded McCormick &
Schmick’s Seafood & Steaks as M&S Seafood, Steaks & Oysters, starting
with the Uptown Park location.

Local billionaire Tilman Fertitta is the chairman, president and CEO
of Landry's.


More information about the BreachExchange mailing list