Pierluigi Paganini January 02, 2020

The popular US restaurant chain Landry’s announced that it was the victim of a cyber-attack, malware has infected its point of sale (POS) systems.

The popular US restaurant chain Landry’s disclosed a security incident, its point of sale (POS) systems have been infected with malware specifically developed to steal customers’ payment card information (i.e. credit card numbers, expiration dates, verification codes and, in some cases, cardholder names).

Landry’s owns and operates more than 600 restaurants, bar, hotels, and casinos with over 60 popular brands, including Landry’s Seafood, Saltgrass Steak House, Chart House, Bubba Gump Shrimp Co., Claim Jumper, McCormick & Schmick’s, Morton’s The Steakhouse, Mastro’s Restaurant, Rainforest Cafe, Del Frisco’s Grill, and many more.

“Landry’s recently detected unauthorized access to the network that supports our payment processing systems for restaurants and food and beverage outlets. We immediately launched an investigation, and a leading cybersecurity firm was engaged to assist.” reads the breach notification published by the company. “Although the investigation identified the operation of malware designed to access payment card data from cards used in person on systems at our restaurants and food and beverage outlets, the end-to-end encryption technology on point-of-sale terminals, which makes card data unreadable, was working as designed and prevented the malware from accessing payment card data when cards were used on these encryption devices.”

The company pointed out that despite the PoS systems were infected, the attackers were not able to steal payment card data due to the implementation of end-to-end encryption technology.

The security breach notice states that the Landry’s outlets also use order-entry systems with a card reader attached for waitstaff to enter kitchen and bar orders and to swipe Landry’s Select Club reward cards.

The breach may have involved payment cards that the waitstaff mistakenly swiped on these order-entry systems.

“Besides the encryption devices used to process payment cards, our restaurants and food and beverage outlets also have order-entry systems with a card reader attached for waitstaff to enter kitchen and bar orders and to swipe Landry’s Select Club reward cards. In rare circumstances, it appears waitstaff may have mistakenly swiped payment cards on the order-entry systems.” continues the notice. “The payment cards potentially involved in this incident are the cards mistakenly swiped on the order-entry systems. Landry’s Select Club rewards cards were not involved.”

At the time of writing it is not clear the extent of the infection.

The POS malware remained active in the restaurant chain systems between 13th March 2019 and 17th October 2019, but at some locations, the initial infection may be dated as early as 18th January 2019.

Landry’s launched an investigation that allowed it to identify the malware and completely remove it from the infected systems, the company also announced to have enhanced security measures.

“During the investigation, we removed the malware and implemented enhanced security measures, and we are providing additional training to waitstaff. In addition, we continue to support law enforcement’s investigation.” concludes the company.

Customers that have used their debit or credit card at any of the Landry’s outlets last year should stay vigilant, monitor their payment card statements for any suspicious activity and immediately report any fraudulent activity to their bank and local law enforcement.

Pierluigi Paganini

(SecurityAffairs – Landry’s, PoS malware)

[adrotate banner=”5″]

[adrotate banner=”13″]