14 DAY TRIAL // Landry's, a US-based restaurant chain that owns over 500 properties, announced last Thursday a card breach, with multiple unauthorized transactions charged to people who all used their credit cards at one of the company's restaurants.
No details are known on how the user credit card data was stolen, so at the moment, it may be through a credit card skimming device used inside its restaurants, or it may also be a malware infection in some of the restaurants' PoS (Point of Sale) system.
Illegal charges started popping up in May 2015
Sources from the US banking system, quoted by independent security blogger and former Washington Post reporter Brian Krebs, say that users first started reporting illegal transactions around May 2015. After enough users had reported unauthorized charges, investigators found that most people used their cards at a Landry's restaurant.
After the news broke, the company quickly released a statement, while also hiring the services of a security firm to help it investigate the incident.
The company says that, around the time the incident was uncovered, it was already in the midst of revamping its PoS systems and that 92% of its properties had already started using end-to-end encryption for handling card payments.
Landry's can't say how many users are affected
At this moment, Landry's representatives can't tell how many properties or users have been affected. The company claims that data like the cardholder’s name, card number, expiration date, and internal verification code was stolen in the incident.
"Cybercriminals innovate daily - creating new malware and tactics that allow them to breach systems and steal data," told Softpedia, Paul Jespersen, Vice President of Emerging Technologies at Comodo. "During the holidays, all the organizations that use point of sale systems and process payment data are especially targeted because so much credit card, personal and financial data passes through those systems - a goldmine for the cybercriminal."
"Cybercrime costs businesses more than $300 billion worldwide, and a majority of it is due to stolen credit cards or identity information - items of significant monetary value to a hacker," explained Houston-based security expert Brad Cyprus, chief of security and compliance at Netsurion, a provider of remotely managed security services.
"As 2015 draws to a close, the frequency of threats is not slowing down - if anything, the pace of the busy holiday season has served as a distraction for businesses like restaurants, small hotels and hospitality chains. Prioritizing security needs and resolving to outsource data and network security should be business imperatives for 2016, using minimally invasive solutions, rapid response times and state-of-the-art technology to secure customer data for businesses who can’t, or simply don’t want to manage security themselves," Mr. Cyprus told Softpedia.