There are thousands of restaurants in South Florida. Some of those restaurants are independently owned. Some are owned by large corporations. Each restaurant is a potential opening for a costly data breach.
On January 29, 2016, Landry’s Incorporated, owner of more than 500 restaurants, including Morton’s, Oceanaire Seafood Room, Vic & Anthonys, and the Rainforest Café, released a list of restaurants following a “a December report of suspicious activity on cards used at some Landry’s locations.” Landry’s stated that an “investigation began immediately after we received a report in early December of suspicious activity regarding cards that had been legitimately used in some of our locations.” Landry’s further stated that “[f]indings from the investigation show that criminal attackers were able to install a program on payment card processing devices at certain of our restaurants, food and beverage outlets, spas, entertainment destinations, and managed properties.” Landry’s stated that it hired a cyber security firm, is working with law enforcement, and that enhanced “security measures, including end-to-end encryption, have been implemented to prevent a similar issue from occurring in the future, and we continue to support law enforcement’s investigation.”
As mentioned in previous posts to this blog, Florida’s newly enacted Florida Information Protection Act may require a Florida business to notify its consumers of a data breach, notify its consumers’ consumer credit reporting agencies, and provide materials to the Florida Attorney General. The incident involving Landry’s should remind Florida businesses, including businesses involved in the food and entertainment industries, that data breaches may prove costly to them should they fail to properly protect against data breaches.