Landry's, Inc. Data Breach (2015)

Findings from the investigation show that criminal attackers were able to install a program on payment processing devices at certain of the Companies' restaurants, food and beverage outlets, spas, entertainment destinations, and managed properties. The program was designed to search for data from the magnetic stripe of payment cards that had been swiped (cardholder name, card number, expiration date and internal verification code) as the data was being routed through affected systems. Locations were affected at different times during one or both of the following periods: from May 4, 2014 through March 15, 2015 and from May 5, 2015 through December 3, 2015. In addition, the at-risk timeframe for a small percentage of locations includes the period from March 16, 2015 through May 4, 2015.