Landry's Inc. warned Tuesday that some customer payment-card data may have been compromised over the past year.
The Houston-based hospitality company said 63 of its individual brands may have been involved, ranging from the Aquarium to Yak & Yeti. A list of hospitality brands involved can be found at the company’s website.
“In rare circumstances, it appears waitstaff may have mistakenly swiped payment cards on the order-entry systems,” which are used by team members to enter kitchen and bar orders, the company said at a special security page. The order-entry systems do not have the end-to-end encryption technology that the company has installed on its payment-processing platform, it added.
“The payment cards potentially involved in this incident are the cards mistakenly swiped on the order-entry systems,” Landry’s said
The affected cards were swiped between March 13 and Oct. 17 of 2019. A limited number may have been used as early as Jan. 18 of last year.
Landry's investigation of the incident identified malware designed to access payment card data from cards used in person on ordering systems at its restaurants and food and beverage outlets.
“The payment cards potentially involved in this incident are the cards mistakenly swiped on the order-entry systems,” the company said. “Landry's Select Club rewards cards were not involved.”
The malware searched for track data, which sometimes has the cardholder name in addition to card number, expiration date and internal verification code.
“In some instances, the malware only identified the part of the magnetic stripe that contained payment card information without the cardholder name,” Landry’s said.
“During the investigation, we removed the malware and implemented enhanced security measures, and we are providing additional training to waitstaff. In addition, we continue to support law enforcement’s investigation,” the company said.
More information is available at www.landrysinc.com/Credit/Notice. The company said consumers may call (833) 991-1538 from 8 a.m. to 8 p.m. CST, Monday through Friday.
Landry’s reported a large data security breach in 2014-2015 that affected more than 40 of its restaurant, gaming and hotel brands in more than 30 states and Canada.
Landry’s owns dozens of brands, including Bubba Gump Shrimp, Chart House, Claim Jumper, Mastro’s, McCormick & Schmick’s, Morton’s, Oceanaire Seafood Room, Rainforest Café and Saltgrass Steakhouse.
Contact Ron Ruggless at [email protected]
Follow him on Twitter: @RonRuggless