Joe’s Crab Shack and McCormick and Schmick’s restaurants in Hampton Roads were potentially involved in a credit card breach, according to the restaurants’ parent company Landry’s Inc.
Landry’s restaurants have encryption devices used to process payment cards, but they also have order-entry systems for waitstaff with a card reader attached. In rare circumstances, Landry’s said, waitstaff may have mistakenly swiped payment cards on the order-entry systems.
Malware was found in systems at Landry’s restaurants. The encryption devices prevented the malware from accessing payment card data, but the cards that were mistakenly swiped on the order-entry systems may have been affected.
The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date and internal verification code) read from a payment card after it was swiped on the order-entry systems. In some instances, the malware only identified the part of the magnetic stripe that contained payment card information without the cardholder name.
The general timeframe when data from cards mistakenly swiped on the order-entry systems may have been accessed is March 13, 2019 to October 17, 2019. At a small number of locations, access may have occurred as early as January 18, 2019.
Click here to see a full list of Landry’s-owned restaurants and food and beverage outlets that were potentially involved.