Customers of 63 restaurant and lodging concepts owned by Landry’s Inc. are being notified that personal information stored on payment cards may have been accessible to hackers last year because some servers swiped the plastic through the wrong sort of processor.
“In rare instances,” the multiconcept operator explains on its website, the servers ran the cards through terminals that relay orders back to the kitchen and bar. The waitstaff typically is outfitted with ID cards for badging into the system and inputting orders. An unspecified number of waiters and waitresses apparently believed in error that the system also processed guest transactions.
Landry’s indicated that it learned of the unintentional security lapse when an effort to hack its POS system was detected. The company explained that the would-be thieves were unsuccessful because end-to-end encryption had been programmed into the network in 2016. But that protection was not extended to the order-placement system used by servers.
It did not say how many customers may have been vulnerable to a theft of information from mis-swiped cards. Most of the involved transactions occurred between March 13 and Oct. 17 of 2019, but some may have happened as early as Jan. 18 of last year, the company said in the alert.
The order-entry system is also used to track purchases by members of Landry’s Select Club frequent-guest program. Landry’s said information stored on the loyalty program cards was not exposed.
The company did not say how many restaurants were involved in the security mishap, but listed 63 concepts as having possibly exposed customers’ data.
Landry’s has grown through acquisitions into one of the industry’s largest brand collections, with concepts ranging from its namesake Landry’s seafood restaurants to Houlihan’s, which the company acquired this week. Houlihan’s was not one of the brands involved.