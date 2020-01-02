Loading...

Image: Landry & # 39; s, ZDNet

The American restaurant chain Landry & # 39; s revealed a security incident that involved the discovery of malware in the network of hundreds of restaurants.

According to a notice posted on its website, the company said the malware they found was designed to collect data from stolen card payment cards in its bars and restaurants.

However, Landry & # 39; s believes that only a small number of users were affected, mainly due to the security features that the company implemented in 2016 after experiencing a first infection with POS malware.

A strange violation of letters

Landry says that after the 2016 card violation they implemented a solution that uses end-to-end encryption to hide customer payment card data while processing in their restaurants. By encrypting payment card data on their systems, even if malware was present in their restaurant network, malware could not access customer data.

However, this security feature was only active for POS terminals: payment card readers used by waiters when customers pay for their meals, drinks and other orders.

The security function that encrypted the card data was not active for the order entry system, because it had no reason to be active there.

Order entry systems are digital systems implemented in bars and restaurants. They allow bar and kitchen staff to receive and manage orders through special applications. Some of these systems have card reading terminals designed to handle customer reward cards, so users can save pre-established orders and use loyalty points.

Landry says that "it seems that waiters may have stolen payment cards by mistake in order entry systems."

Because the order entry system did not encrypt any of your data, there is now a danger that POS malware may have collected and stolen customer payment card data.

63 brands of bars and restaurants impacted

Landry says they found the malware in the networks of 63 brands of bars and restaurants that the company currently manages. A list of the affected brands and their locations is available here.

The company says that, in most cases, POS malware was active in bar and restaurant networks from March 13, 2019 until October 17, 2019, although in some places, the malware was active from the January 18, 2019.

It is very likely that the majority of customers who paid with a payment card in the bars and restaurants owned by Landry are not affected.

The company is now advising customers who used their cards at their facilities during the last year to review the card payment history for any possible fraud.

Additional details and instructions for possibly affected customers are available in the company's official safety notice. Landry said he is currently working with the police and a forensic firm to investigate the incident.