This Week in Breaches: Landry’s POS Breach

The Houston-based hospitality chain Landry’s, has recently released news of a point of sale, or POS malware attack at the organization’s restaurants and additional properties dating back to 2014, and 2015.

An original report regarding the security incidents by Landry’s was released on December 17th, however, did not provide an exact estimate of the impacted customers. The malware attack exposed payment cards and data used at over 45 of its brands across 350 locations, including 34 states, District of Columbia and Canada, in reference to a January 29 statement. Landry’s has close to 500 locations and chains under its corporate umbrella.

In the January 29th statement, Landry’s reports that a malicious program was implemented by attackers to obtain and compromise sensitive card data, such as cardholder names, card numbers, expiration dates and verification codes. Further more, “findings from the investigation show that criminal attackers were able to install a program on payment card processing devices at a certain [number] of our restaurants, food and beverage outlets, spas, entertainment destinations and managed properties,” according to the statement. “The program was designed to search for data from the magnetic-stripe of payment cards that had been swiped as the data was being routed through affected systems.”

It’s assumed that because not every location under Landry’s was compromised, the affected were relying on regional payment processors and various payment systems that were outdated Windows-based operating systems that were not being patched effectively.

Since discovering the breach, Landry’s has deployed an ‘end-to-end’ encryption and additional security enhancements across all properties and locations to prevent any future occurrences.  It’s crucial for any company that relies heavily on POS devices to ensure the protection of not only internal company data but customer data as well. At Secure Sense we believe that it’s better to act than react, and always assume that you’re under constant attack. This mentality will help prevent you, and your company from being in the next breached headline.

Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact your Secure Sense by calling 866-999-7506. Follow us on LinkedIn and follow us on Twitter  for current company and industry news.