In November 2019, the company disclosed that malware had been discovered on some of their point-of-sale devices at some locations. The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date and internal verification code) read from a payment card as it was being routed through these POS devices.
Not all POS devices were infected, the company pointed out that it uses two different POS devices at its locations, one that is brought to customer's table by waitstaff and stationary ones at the bar and where the waitstaff enter orders. The portable POS devices were confirmed not affected because they utilized point-to-point encryption.
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.