Landry’s Inc. operates more than 60 restaurant chains. On January 2, 2020, the company announced a point-of-sale (POS) malware breach that targeted clients’ payment card details. Landry’s states that the security breach affected clients who paid using their credit cards between March 13 and October 17, 2019. One of the restaurant wait staff swiped a credit card on an unprotected device, the order entry system, which enabled the malware to capture the information. The hackers were able to collect personally identifiable information, including debit card and credit card numbers, verification codes, expiration dates, and cardholder names. Landry’s stated that the malicious program was installed to compromise card data and the payment card processing devices within the restaurants.
Unlike other data breaches that leaked the personal information of millions of clients, Landry’s stated that the number of affected clients was relatively low because the breach was related to human error. The breach exposed payment cards for clients in 600 of its brands. Landry’s did not disclose the estimated number of cards that were impacted.
Several data security measures can be put in place to protect businesses against attacks. The credit card breach could have been avoided through end-to-end encryption on the order entry system, where it was not active. End-to-end encryption is a secure communication line that blocks third parties from gaining access to transferred data. When data is being transmitted online, only the sender and the recipient can decrypt it with a key. End-to-end encryption therefore plays a big role in protecting sensitive information and mitigating risk by blocking third parties from accessing user data as it is transferred through the POS system during payment card processing. When a consumer uses a credit card at a business, the data obtained from the card is encrypted as soon as it is entered into the payment system at the point of sale. The data remains encrypted until it reaches the acquirer or processor, where it is then decrypted.
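The flow described above, as an added example that is not part of the original article: the reader encrypts at swipe time, the order entry system only ever holds the encrypted payload, and the processor decrypts. The HMAC-SHA256 keystream is a standard-library stand-in for the cipher in a real card reader, and the keys, track data and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample: track 2 layout carrying a well-known test card number.
TRACK2 = b";4111111111111111=251210112345?"
ENC_KEY, MAC_KEY = b"E" * 32, b"M" * 32  # placeholder keys held by reader and processor only

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib stand-in for the reader's real cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def reader_encrypt(track):
    """Runs inside the card reader at swipe time: encrypt, then authenticate."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(track, _keystream(ENC_KEY, nonce, len(track))))
    return nonce + ct + hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()

def processor_decrypt(blob):
    """Runs at the acquirer/processor: verify the tag, then decrypt."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("payload modified in transit")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ENC_KEY, nonce, len(ct))))

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48  # ASCII digit byte to int
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def cleartext_pans(buf):
    """Card numbers readable in a buffer held by the order entry system."""
    return [m for m in re.findall(rb"(?<!\d)\d{13,19}(?!\d)", buf) if luhn_ok(m)]

if __name__ == "__main__":
    blob = reader_encrypt(TRACK2)
    print("unencrypted swipe exposes:", cleartext_pans(TRACK2))
    print("encrypted swipe exposes:  ", cleartext_pans(blob))
    print("processor recovers track: ", processor_decrypt(blob) == TRACK2)
```

The same `cleartext_pans` check can be pointed at logs or captures from an order entry system to confirm that no readable card number reaches it.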