Landry’s Inc. has provided the public with more information regarding the point-of-sale breaches affecting several of its brands including Landry’s Seafood, the Golden Nugget Hotel & Casino, and Rainforest Café.
According to Landry’s latest press release, cyber criminals were able to install a program on the payment processing devices of several of the Landry’s restaurants, food & beverage outlets, spas, entertainment destinations and managed properties.
The malicious program installed was designed to reroute data directly from the magnetic stripe of payment cards that had been swiped. The information compromised includes cardholder name, card number, expiration date and internal verification code.
Findings from the investigation have concluded that customer data was at risk during two main time periods: between May 4, 2014, and March 15, 2015, & between May 5, 2015, and December 3. A small percentage of locations were also affected between March 16 and May 4.
While the total number of people affected is still unknown, Landry’s is warning customers who used a payment card at an affected location during the at-risk window to remain alert to the possibility of fraud and to keep an eye out for any suspicious transactions made on their cards.
Landry’s has since stated that they’ve implemented end-to-end encryption across all its systems to ensure data is secure from the moment a card is swiped until transferred to a bank.
Breaches like Target & Home Depot could’ve been easily mitigated if they had followed the fairly simple steps: Start by implementing a hardened build standard with precision change detection- PCI DSS recommends using the CIS Benchmarks as the best hardening standard to adopt. This coupled with Breach Detection Technology- PCI File Integrity Monitoring- Host Intrusion Detection- will ensure that even if a breach is successful, you’ll be alerted to the fact immediately, so that any card data compromised can be stopped in its tracks. Let’s not forget- Target lost over 70 million individuals records in only two and a half week, so where a breach can’t be prevented, the speed of detection is critical.
POS terminals have continuously proven to be the easiest target for criminals. The information stored on these devices is far too sensitive to leave without defense measure implemented- so when will you take action?
For a list of the affected locations, click here.
Read this article on SC Magazine