The Houston-based Landry's, Inc., which owns around 500 restaurant properties as well as Golden Nugget Hotels and Casinos, revealed the locations of the potential payment card data breaches it first reported in December.
The restaurant, casino and entertainment company also released an inventory of eateries and other establishments in which payment card data would have been most vulnerable. The list, posted to its website, is so extensive that it includes a drop-down menu containing each of the more than 45 locations, including Golden Nugget Hotels and Casinos in Atlantic City, N.J.; Biloxi, Miss.; Lake Charles, La.; and Laughlin and Las Vegas, Nev.
The company said it does not know how many people used their cards at each affected location at this time.
Two months ago, Landry's, which also owns restaurants including Bubba Gump Shrimp Co., Chart House and Rainforest Café, reported it was investigating reports of unauthorized charges on certain payment cards used legitimately by customers at some locations.
“Findings from the investigation show that criminal attackers were able to install a program on payment card processing devices at certain restaurants, food and beverage outlets, spas, entertainment destinations and managed properties,” a company statement read.
The malware picked off cardholder name, card number, expiration date and internal verification information from cards' magnetic strip data as it was being routed through affected systems.
Landry's said the breaches occurred primarily from May 4, 2014 through March 15, 2015 and from May 5, 2015 through Dec. 3, 2015. In addition, the at-risk timeframe for a small percentage of locations included the time period of March 16, 2015 through May 4, 2015.
Attackers typically exploit vulnerabilities in point-of-sale devices to install malicious software to steal credit and debit card data that contains personally identifiable information.
The company also said in a statement that it has deployed end-to-end encryption and other security enhancements to prevent similar incidents from occurring. It urged customers to remain vigilant with their card statements and immediately report irregularities.
“If you used a card at an affected location during its at-risk window, we recommend that you remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity,” the statement warned. “You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.”
Brad Cyprus, chief of security and compliance at the Houston-based cybersecurity company Netsurion, weighed in on the breach, stating, “Cybercrime costs businesses more than $300 billion worldwide, and a majority of it is due to stolen credit cards or identity information – items of significant monetary value to a hacker.”
Recently, the fast food chain Wendy's began investigating a possible credit card breach at various East Coast and Midwest restaurant locations in response to fraud reports from various sources within the financial industry.
The high number of transactions that take place during any given day makes restaurants an easy target for credit card hacks, Dodi Glenn, vice president, cybersecurity at the Sioux City, Iowa-based PC Pitstop, pointed out.
“POS systems have a lot of security vulnerabilities, making it very easy for hackers to steal credit card information,” he said.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
