Cyber Crime

Catch Hospitality Group discloses PoS malware infection at its restaurants

The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain.The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain.

Catch Hospitality Group announced that a PoS malware has infected its payment systems at NYC hotspots Catch NYC, Catch Rooftop, and Catch Steak restaurants.

The malicious code was designed to steal credit card information from customers.

The company launched an investigation after detecting the unauthorized activity on some of its payment processing systems, it also hired a cybersecurity firm to investigate the security breach.

The investigation revealed the presence of PoS malware on some of its payment systems. PoS malware is used by crooks to steal track data encoded on the magnetic stripe on credit cards, including the credit card number, expiration date, and internal verification code.

“The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code) read from a payment card as it was being routed through these POS devices. There is no indication that other customer information was accessed.” reads the data breach notification published by Catch Hospitality Group.

Experts determined that the PoS malware was active on the payment systems in the two locations in different timeframes. For Catch NYC (including Catch Roof), the timeframe was from March 19, 2019 through October 17, 2019. For Catch Steak, the timeframe was September 17, 2019 through October 17, 2019.

Not all POS devices were infected, the company pointed out that it uses two different point-of-sale (POS) devices at its locations, one that is brought to your table by waitstaff and stationary ones at the bar and where the waitstaff enter orders. Portable POS devices are not affected because they utilize point-to-point encryption.

“The cards involved in this incident are cards used at the bar or in the rare circumstances that a card was swiped at the device where waitstaff enter orders.”

The company declared that it has removed the malware and implemented enhanced security measures for its payment systems.

Catch Hospitality Group reported the incident to its payment processor and notified the incident to law enforcement.

The company recommends customers to review their payment card statements for any unauthorized activity and urge them to immediately report any unauthorized charges to the card issuer.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Catch Hospitality Group, PoS malware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited…

4 hours ago

DMM Bitcoin halts operations six months after a $300 million cyber heist

The Japanese cryptocurrency platform DMM Bitcoin is closing its operations just six months after a…

11 hours ago

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing…

14 hours ago

Poland probes Pegasus spyware abuse under the PiS government

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to…

17 hours ago

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

The 'Bootkitty' Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable…

19 hours ago

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship.…

2 days ago

This website uses cookies.