Landry's Credit Card Breach

HouCuseChickie

Well-Known Member
Original Poster
I'm not sure if anyone posted this yet, but the Houston news has reported that Landry's has had some level of credit card breaches. The news said this could be impacting customers who dined in (or stayed at) a Landry's owned establishment as far back as May and could still be an issue for current patrons. Landry's has not noted which restaurants/properties were/are impacted, but with around 500 and considering T-Rex, both RFCs, and Yak and Yeti are Landry's owned properties at WDW (and RFC at DL), you may want to keep an eye on your card(s) if you've dined at any Landry's based places in this time frame.

So, sorry if this is duplicating a post somewhere else, but just wanted to put the word out in case it hasn't.
 

LAKid53

Official Member of the Girly Girl Fan Club
Premium Member
I ate at Yak & Yeti a week ago, but I think I paid cash, since it was their QS spot. But will check my cc bill.
 

Hazy

New Member
"Enhanced security measures, including end-to-end encryption, have been implemented to prevent a similar issue from occurring in the future"

I find it wholly unacceptable that they are just NOW putting End to End Encryption AFTER the magnetic strip of people's credit (and DEBIT) cards is out in the ether. What a bunch of jack wagons. Another corporation that doesn't want to pay for the needed measures to ensure the safety of credit/debit card transactions. Security measures don't make money, they drain money. Maybe someday, someday, they'll learn that losing customers and lawsuits drains money. Disney (if they haven't) should institute an internal audit strategy for 3rd party partners/vendors, etc. to be sure that they have the proper network security measures in place BEFORE they are even allowed to open their doors in one of their theme parks, resorts...
 

CJR

Well-Known Member
I hope they find the crooks and lock them up. Scum that do this stuff don't deserve to walk free, in my opinion.

Ugh! We were at RFC in AK on Wednesday night. Looks like I'm going to have to call my bank.

Thanks for posting!!

It doesn't hurt to watch your credit carefully, but it looks like this is exclusive to the Yak and Yeti at Walt Disney World (EDIT: to clarify, I mean Yak and Yeti is the only restaurant at Walt Disney World impacted, there were lots of restaurants impacted nationwide). There were some RFC's that were impacted in other states though.
 

donsullivan

Premium Member
It's really unfortunate the number of companies that still have not stepped it up to do this correctly. Retailers seems to be at the greatest risk with very old POS platforms where they can't just apply simple updates to add encryption but need to complete a major system upgrade that they are reluctant to invest in.

As for the lawsuit reference made above, it's really difficult for any individual to sue a merchant that has a breach like this. To file such a suit you have to show that you were actually 'harmed' not just put at risk of being harmed. That became a big topic a couple of years ago around the Target and Home Depot breaches.

The big change that happened last fall to try and fix this is the credit card industry (the banks) mandated the chip addition to cards. If a merchant has not converted to that and is still using swipe of mag stripe, liability for any fraudulent transactions is no longer covered by the banks but by the merchant that did not update their equipment.
 
Last edited:

donsullivan

Premium Member
Aren't all businesses required to update to an EBT type system?

I added a note to that above anticipating this might come up. They are not technically 'required' to make the update but if they do not, the bank will hold the merchant liable for any loss as a result of the breach vs in the past, the bank ate the loss.
 

Andrew C

You know what's funny?
Retailers seems to be at the greatest risk with very old POS platforms where they can't just apply simple updates to add encryption but need to complete a major system upgrade that they are reluctant to invest in.

Aren't all businesses required to update their systems for EMV?
 

Andrew C

You know what's funny?
I added a note to that above anticipating this might come up. They are not technical 'required' to make the update but if they do not, the bank will hold the merchant liable for any loss as a result of the breach vs in the past, the bank ate the loss.

Sorry, I said EBT but meant EMV...EBT are food stamp cards. :D
 

rael ramone

Well-Known Member
Just called the Landry's hotline for this incident...

Apologized first.

Asked for first and last name. Not asked for any other information in the event that they want to contact me further.

Asked if I notified my bank.

Asked if I noticed any activity that wasn't mine.

Then said I should be vigilant, watch for charges on that card, apologized for the inconvenience again.

It could be 'early' yet, but every other time I've followed up on a breach report, I was offered a year of free credit monitoring. Not here.
 

donsullivan

Premium Member
Just called the Landry's hotline for this incident...

Apologized first.

Asked for first and last name. Not asked for any other information in the event that they want to contact me further.

Asked if I notified my bank.

Asked if I noticed any activity that wasn't mine.

Then said I should be vigilant, watch for charges on that card, apologized for the inconvenience again.

It could be 'early' yet, but every other time I've followed up on a breach report, I was offered a year of free credit monitoring. Not here.

Having worked for a company that had to deal with an incident like this for a bunch of colleges some years ago, we found it takes a few days to get all of the mechanics in place for credit monitoring. Few companies 'plan' for this to happen so it takes some time get everything worked out with the credit monitoring companies and then get that communicated to service desk staff.
 
Last edited:

Hazy

New Member
It's really unfortunate the number of companies that still have not stepped it up to do this correctly.

It's cost. Without a revenue stream back. It drains bottom lines as the Intrusion Detection appliances, maintenance, employees to maintain, etc. are exorbitant.
 

donsullivan

Premium Member
It's cost. Without a revenue stream back. It drains bottom lines as the Intrusion Detection appliances, maintenance, employees to maintain, etc. are exorbitant.

There is no doubt that cost is a variable in the decision. If their POS platform can not be updated to add those encryption features from the core (not uncommon if it's really old), then it needs to be done with external hardware. Having been thru a POS replacement with a retailer in a 'past life' it a massive multi-year undertaking. With 500+ locations, no matter what they do it's going to be expensive and it will take some time to complete. Each mature company like this runs a risk analysis and decides they think the risk is worth the delay in adding that control to their environment. Unfortunately, most of those that do end up being 'forced' to make the updates independent of what they had budgeted when something like this happens.
 
Last edited:

rael ramone

Well-Known Member
Having worked for a company that had to deal with an incident like this for a bunch of colleges some years ago, we found it takes a few days to get all of the mechanics in place for credit monitoring. Few companies 'plan' for this to happen so it takes some time get everything worked out with the credit monitoring companies and then get that communicated to service desk staff.

This is good to know. I don't know if it's required to offer credit monitoring, IMHO it's the ethical thing to do if a corporation has a credit breach.
 

Register on WDWMAGIC. This sidebar will go away, and you'll see fewer ads.

Back
Top Bottom