Catch Hospitality Group has announced that a point-of-sale malware attack may have exposed customer data.
Popular New York City restaurants Catch NYC, Catch Roof, and Catch Steak initiated an investigation after discovering unauthorized activity on payment processing systems. The investigation revealed malware on point-of-sale systems, which put customer credit-card information at risk.
The malware was active between September 7 and October 17, 2019. An investigation was launched immediately, and uncovered malware was removed instantly.
Catch emphasizes that the malware did not affect transactions processed on POS devices that were used to charge customers. These devices are protected with point-to-point encryption, the company says, so transaction data was not accessible to hackers.
“During the investigation, we removed the malware and implemented enhanced security measures, and we continue to work with cybersecurity experts to evaluate additional ways to enhance the security of payment card data,” said the company in an online statement. “The malware searched for track data read from a payment card as it was being routed through POS devices. There is no indication that other customer information was accessed.”
The group added that customers should double-check bank statements for unauthorized activity, which should be reported to authorities.
Catch is in good company. In the past, restaurant chains like Applebee’s and Checkers have fallen victim to POS malware.