Warning, Walt Disney World travelers. Several restaurants on Disney property were recently involved in a credit card breach. Here’s what you need to know to make sure your information is safe.
- Restaurants that are part of Landry’s, Inc. — including Rainforest Café, T-Rex Café, and Yak & Yeti Restaurant on Disney property — have been impated by a credit card breach.
- The breach affects cards that were swiped from March 13 and October 17, 2019.
- Landry’s, Inc. has since been investigating the breach, removed the malware that caused it, and implemented more security measures. However, those concerned are encouraged to contact Landry’s as well as their credit card provider.
- We have included tips for protecting yourself from credit card fraud at the bottom of this article.
Landry’s, Inc. — a popular restaurant corporation that owns and operates several dining locations across the U.S., including several restaurants at Disney World (two Rainforest Café locations, T-Rex Café, and Yak & Yeti Restaurant) — recently reported a credit card breach. While restaurants outside of Disney were affected by the breach, we are sharing this story so that Walt Disney World visitors who dined at these Landry’s locations can be aware of the possibility of this breach impacting their personal credit card information.
According to the Landry’s Inc. statement, this credit card breach has affected cards that were swiped between March 13 and October 17, 2019. The breach took place when waitstaff used customer’s credit cards on devices that are used to enter kitchen and bar orders. These are different devices than the ones that are used for payment processing.
Keep in mind that Landry’s rewards cards were not involved in the breach, and Walt Disney World MagicBands that are used for payment were not involved, either.
Below is a segment of a statement that Landry’s, Inc. released regarding the credit card breach.
Landry’s, Inc. (“Landry’s”) takes the security of payment card data very seriously. Years ago (beginning in 2016), Landry’s installed a payment processing solution that uses end-to-end encryption technology at all Landry’s owned locations.
We are notifying customers of an incident that we recently identified and addressed involving payment cards that, in rare circumstances, appear to have been mistakenly swiped by waitstaff on devices used to enter kitchen and bar orders, which are different devices than the point-of-sale terminals used for payment processing. This notice explains the incident, measures we have taken, and some steps you can take in response.
Landry’s recently detected unauthorized access to the network that supports our payment processing systems for restaurants and food and beverage outlets. We immediately launched an investigation, and a leading cybersecurity firm was engaged to assist. Although the investigation identified the operation of malware designed to access payment card data from cards used in person on systems at our restaurants and food and beverage outlets, the end-to-end encryption technology on point-of-sale terminals, which makes card data unreadable, was working as designed and prevented the malware from accessing payment card data when cards were used on these encryption devices. Besides the encryption devices used to process payment cards, our restaurants and food and beverage outlets also have order-entry systems with a card reader attached for waitstaff to enter kitchen and bar orders and to swipe Landry’s Select Club reward cards. In rare circumstances, it appears waitstaff may have mistakenly swiped payment cards on the order-entry systems. The payment cards potentially involved in this incident are the cards mistakenly swiped on the order-entry systems. Landry’s Select Club rewards cards were not involved.
The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code) read from a payment card after it was swiped on the order-entry systems. In some instances, the malware only identified the part of the magnetic stripe that contained payment card information without the cardholder name. The general timeframe when data from cards mistakenly swiped on the order-entry systems may have been accessed is March 13, 2019 to October 17, 2019. At a small number of locations, access may have occurred as early as January 18, 2019. A full list of Landry’s owned restaurants and food and beverage outlets involved is available here.
It is always advisable for individuals to closely monitor their payment card statements for any unauthorized activity. Customers should immediately report any unauthorized charges to the financial institution that issued the card because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of the payment card. Please see the section that follows this notice for additional steps you may take.
During the investigation, we removed the malware and implemented enhanced security measures, and we are providing additional training to waitstaff. In addition, we continue to support law enforcement’s investigation.
If you have any questions, please call 833-991-1538 from 8:00 a.m. to 8:00 p.m. CT, Monday through Friday. (The call center will be closed on New Year’s Day).
How can you protect yourself?
If you visited a Landry’s restaurant location, either on Disney property or otherwise, between March 13 and October 17, 2019, you are encouraged to take measures to protect yourself.
Here are some steps you can take if you believe your information may have been compromised during this Landry’s credit card data breach in 2019:
- Review the instructions Landry’s has provided regarding the credit card breach. The company has included several tips that restaurant guests can follow if their credit cards were swiped at a Landry’s location between March and October of last year. You can read those steps on the official website here.
- Utilize credit monitoring services, if you are not already.
- Review your statements for any signs of possible fraud, and contact your credit card provider if you are at all concerned that your information was compromised.
- Set up alerts through your credit card company so you can be notified of suspicious activity the moment it occurs.
Source: Landry’s, Inc.