
US restaurant chain Landry's disclosed a security incident that involved the discovery of malware on the network of hundreds of restaurants.

According to a notice published on its website, the malware the company found was designed to collect payment card data from cards swiped at its bars and restaurants.

However, Landry's believes that only a small number of users were impacted, primarily due to security features the company implemented in 2016 after it experienced a first infection with POS malware.

A weird card breach

Landry's says that after the 2016 card breach, it implemented a solution that uses end-to-end encryption to hide customer payment card data while it's being processed at its restaurants. Because payment card data was encrypted on its systems, malware couldn't access customer data even if it was present on the restaurant network.

However, this security feature was only active for point-of-sale (POS) terminals -- the payment card readers used by waitstaff when customers pay for their meals, drinks, and other orders.

The security feature that encrypted card data was not active for the order-entry system -- because it had no reason to be active there.

Order-entry systems are digital systems implemented at bars and restaurants. They allow bar and kitchen staff to receive and manage orders using special apps. Some of these systems have card-reading terminals designed to handle customer rewards cards, so users can save preset orders and use loyalty points.

Landry's says that "it appears waitstaff may have mistakenly swiped payment cards on the order-entry systems."

Because the order-entry system didn't encrypt any of its data, there's now the danger that the POS malware could have collected and stolen customers' payment card data.

63 bar and restaurant brands impacted

Landry's says they found the
