Catch Hospitality Group are notifying customers about an incident involving payment cards.
Point-of-sale systems (POS) at CatchNYC, Catch Rooftop, and Catch Steak had been identified with malware – thus allowing attackers to steal credit card information from customers.
The timeframes to when the payment card data may have been accessed was from March 19 2019 to October 17, 2019 for Catch NYC. For Catch Steak, the timeframe was September 17, 2019 to October 19, 2019.
The malware would attempt to steal track data on the magnetic stripe of payment cards. The data includes cardholder’s name, card number, expiration data and internal verification code.
The company noted that not all POS devices were affected, as two different POS devices are used when customers make payments; one brought by the waitstaff to a table and the second at the bar.
“Almost all of the dining area transactions occur on devices brought to a guest at the table. Those transactions were not involved in this incident because those devices use point-to-point encryption technology. The cards involved in this incident are cards used at the bar or in the rare circumstances that a card was swiped at the device where waitstaff enter orders,” Catch explains.
The malware has been removed, and enhanced security measures have been implemented. In addition, the incident has been reported to the company’s payment processor.
Customers who used their credit card at Catch restaurants during the timeframe are urged to review their card statements for any unauthorised activity.
The post #Privacy: Catch restaurants announces payment card incident appeared first on PrivSec Report.