Disney World restaurants hacked; credit card data & personal information leaked

A data breach affected for half a year multiple franchises owned by Landry’s Inc., a popular restaurant corporation that operates throughout the US territory, including several franchises operating in the world-famous amusement park Disney World. Although this cybersecurity incident affected only restaurants off-site at Disney World, amusement park visitors need to be alert to any suspicious activity related to their payment cards.  

The data breach would have affected all payment cards used between March 13 and October 17, 2017 at affected restaurants. It is important to note that frequent user cards were not compromised during the incident.

After a number of rumors, the company released a statement related to the cybersecurity incident: “We are notifying our customers of an incident related to their payment card data security: this information would have been stolen due to an error in the payment devices used by our staff.”

The company added that they identified a variant of malware for the theft of payment card data present in its networks, although they claim that their points of sale have end-to-end encryption technology, so even though this information was compromised it is useless for the hackers as they found it.

Even when the exposed information is encrypted, making it unreadable to hackers, cybersecurity specialists recommend to all those who have used their payment cards at a Landry’s restaurant to take some steps to protect themselves completely from any malicious activity related to this data breach.

One of the main protection measures in cases like this is the activation of a credit monitoring and fraud prevention service. If the company that suffered the data breach has not offered it to its users, it is recommended to activate it individually, in addition to constantly checking your statements for any suspicious transactions.

The International Institute of Cyber Security (IICS) also recommends enabling security alerts so that credit companies identify suspicious activity in real time, greatly reducing the time margin for criminals to deploy fraudulent transactions using stolen bank details.