Security Experts:

Connect with us

Hi, what are you looking for?



Landry’s Discloses Payment Card Incident

Houston, Texas-based dining, hospitality and gaming company Landry’s revealed recently that it had discovered a piece of malware designed to steal payment card information on its systems.

Houston, Texas-based dining, hospitality and gaming company Landry’s revealed recently that it had discovered a piece of malware designed to steal payment card information on its systems.

Following a payment card breach that hit the company’s restaurants in 2015, Landry’s started using a payment processing solution that relies on end-to-end encryption to protect sensitive information on point-of-sale (PoS) terminals. The company started rolling out the new system in 2016 and it’s currently used at all of its locations.

Last year, cybercriminals managed to plant a piece of malware on Landry’s systems in hopes of stealing payment card information. However, the company says the encryption technology prevented the malware from obtaining any information from PoS systems.

However, in what the company has described as “rare circumstances,” waitstaff mistakenly swiped customer cards on order-entry systems. These systems, used by staff to enter bar and kitchen orders and to swipe reward cards, also have a card reader.

The problem is that the order-entry systems are not protected by the same end-to-end encryption technology as PoS terminals and Landry’s says the malware may have captured data from payment cards mistakenly swiped by staff on order-entry systems.

“The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code) read from a payment card after it was swiped on the order-entry systems. In some instances, the malware only identified the part of the magnetic stripe that contained payment card information without the cardholder name,” the company told customers.

Based on its investigation, Landry’s believes the malware may have stolen data from cards swiped between March 13 and October 17, 2019, but in a small number of cases the malware may have been present since January 18, 2019.

Landry’s has listed 63 of its brands as being affected, but the actual number of potentially impacted locations is higher as some brands are present in more than one city in the United States.

Landry’s joins a long list of restaurant companies that disclosed payment card breaches over the past year, including Islands RestaurantsOn The BorderChurch’s ChickenCatchFocus Brands (Moe’s, McAlister’s and Schlotzsky’s), Checkers Drive-In RestaurantsEarl EnterprisesHuddle House, Chili’sApplebee’s, and Cheddar’s Scratch Kitchen.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...