Late yesterday Landry's, Inc., an American restaurant group that owns and operates over 500 restaurants across the country — including chains like Rainforest Cafe, Morton's Steakhouse, and Bubba Gump Shrimp Company — confirmed its restaurants had been victims of a network-wide credit card breach.
According to Krebs on Security, banking industry sources began reporting fraud patterns on cards used at Landry's restaurants last week. The Houston, Texas-based company was slow to confirm the rumors, but says in a release, "We immediately began an investigation after receiving these reports and have engaged a leading cybersecurity company to investigate this matter. We are also working with our processor and payment card networks."
It is not known at this time which of Landry's restaurants have been affected. Landry's owns several major restaurant chains, including Claim Jumper, Mastro's Restaurants, and McCormick & Schmick's; their full list of restaurants is below:
Babin's Seafood House
Big Fish Seafood Bistro
The Boathouse in Canada
Brenner's on the Bayou
Bubba Gump Shrimp Company
The Crab House
Fisherman's Wharf Seafood Grill
The Flying Dutchman Restaurant & Oyster Bar
Harlow's Food & Fun
Mai Tai Bar
McCormick & Schmick's
Morton's The Steakhouse
The Oceanaire Seafood Room
Saltgrass Steak House
Vic & Anthony's Steakhouse
Willie G's Seafood & Steaks
Yak & Yeti
Customers who have dined at any of these restaurants between May 2015 and today should immediately check their credit card statements and report any irregularities to their credit card company. Landry's notes in their release: "Individuals that timely report unauthorized charges to the bank that issued the card are generally not responsible for such unauthorized charges. Accordingly, we encourage all consumers to follow good practices by regularly reviewing their payment card accounts and timely reporting unauthorized charges."
Landry's began installing a more sophisticated payment processing system earlier this year. Krebs suggests that the company was at risk for credit card fraud because it was slow to note its own vulnerability. This current breach began to occur prior to the new system's installation across the restaurant group. This story is developing.
Restaurants are particularly at risk for credit card breaches because of the many different ways a restaurant can process a credit card transaction, the fact that credit cards leave a seated diners' sight when they pay (at least in the U.S.), and the industry is bogged down by old, clunky point of sale systems. Krebs notes that banks tracking card data stolen after use at Landry's restaurants say the fraudulent charges are occurring at big box retailers like Target and Best Buy.