Customer data possibly stolen from restaurants in Phoenix area
Jan 3, 2020, 11:44 AM | Updated: 1:03 pm
(Yelp Photo)
PHOENIX – National restaurant chain Landry’s, which includes several locations in metro Phoenix, has alerted customers to a recent data breach that could have exposed their credit-card information.
The Texas-based company posted a note on its website saying malware had possibly stolen payment data from an order-entry system used for kitchen and bar orders. It is a secondary system to record orders, Landry’s said.
No restaurants were identified but Landry’s owns nearly a dozen eateries in the Valley: the Chart House, Mastro’s (including City Hall and Ocean Club), Morton’s, all in Scottsdale; Joe’s Crab Shack, Rainforest Cafe, both in Tempe; and Claim Jumper in Avondale, Phoenix and Tempe.
Wait staff swiped cards on the secondary, more vulnerable devices last year from about March 13 to Oct. 17, according to the announcement.
The main point-of sale system, which features end-to-end encryption, and was not vulnerable to the attack, Landry’s said.
A “small number of locations” may have been infected as early as Jan. 18, the note said.
“The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code) read from a payment card after it was swiped on the order-entry systems,” Landry’s said.
“In some instances, the malware only identified the part of the magnetic stripe that contained payment card information without the cardholder name.”
The malware was removed during the investigation, the company said. Enhanced security measures were implemented and the wait staff was undergoing addition training.