Cyber Incident Victim: Landry's Inc.
Date: Mar 2019
Location: United States of America
Summary
A restaurant chain experienced a point-of-sale malware incident impacting 63 of its brands, where attackers targeted payment card data from swiped transactions. The malware primarily affected unencrypted order-entry systems after staff mistakenly processed payment cards through these terminals instead of secured POS devices. While the company's earlier security measures on dedicated payment systems limited potential exposure, card data processed via order-entry systems remained vulnerable to theft. The company advised customers who recently used payment cards at affected locations to monitor for fraudulent activity and is collaborating with forensic investigators and law enforcement to address the breach.
Description
In early January 2020, Landry's restaurant chain disclosed a point-of-sale (POS) malware incident affecting 63 of its bar and restaurant brands. The company detected malware designed to collect payment card data from cards swiped at its establishments, with activity timelines varying by location. For most impacted venues, the malware operated between March 13, 2019, and October 17, 2019, though some locations experienced compromised systems as early as January 18, 2019. Landry's attributed the limited impact to security measures implemented in 2016 following a prior POS malware incident, which encrypted payment card data at staff-operated POS terminals. These encrypted terminals represented the primary payment processing systems where customers settled their bills. However, the malware exploited an unexpected vulnerability in unencrypted order-entry systems—digital platforms used by kitchen and bar staff to manage orders through specialized applications. These secondary systems occasionally contained card readers intended for loyalty or rewards cards but lacked encryption protocols since they weren't designed for payment processing. Landry's investigation revealed that waitstaff had occasionally swiped payment cards through these order-entry terminals instead of the secured POS devices, creating an opportunity for malware to capture unencrypted card details.

The incident exposed payment card information from transactions mistakenly processed through unsecured order-entry systems during the malware's active period. Landry's maintained that the majority of customers using standard POS terminals remained unaffected due to the 2016 encryption safeguards. The company published a list of impacted brands and locations while urging customers who visited affected establishments within the specified timeframe to review their payment card statements for unauthorized activity. Landry's initiated collaboration with law enforcement agencies and a digital forensics firm to investigate the breach's scope and origin. Public notifications directed potentially affected individuals to the company's official security notice for additional verification steps and guidance. No specific details regarding the number of compromised accounts or the malware's technical operation were disclosed in the public advisory. The company emphasized ongoing efforts to address the incident while maintaining normal business operations across its properties.
