Truluck’s Seafood, Steak & Crab House reports data breach at 8 of its restaurants

• The incident occurred between November 21, 2018, and December 8, 2018.
• Malware was inserted into the point-of-sale systems at the affected restaurants to gain unauthorized access.

The Houston-based chain restaurant, Truluck’s Seafood, Steak & Crab House has announced a data breach that may have resulted in the compromise of credit card information of its customers. The data breach has impacted 8 of its restaurants located at in Austin, Houston, Naples, Southlake, and Chicago.

What happened?

In a data breach notification, the restaurant disclosed that it was contacted by the FBI about potential unauthorized access to one of its servers. The incident occurred between November 21, 2018, and December 8, 2018. It is believed that malware was injected into the point-of-sale systems at the affected restaurants to gain unauthorized access. The malware was used to capture customer payment card information used for purchases.

“Through this investigation, Truluck’s confirmed, on or about December 19, 2018, that an unauthorized actor inserted malware into the point of sale systems at eight restaurants to capture customer payment card information used for purchases. Cards used at the Austin (Downtown) location could have been captured between November 4, 2018, and December 8, 2018,” said the organization in its report

Information compromised

The information compromised in the breach includes the credit or debit card numbers and expiry dates. However, the company confirmed that no names and addresses were exposed in the breach as Truluck’s does not store that information.

In the wake of the incident, Truluck’s has shared the details of the breach on its website to inform its customers. It has also urged customers to review their account statements and monitor credit reports for suspicious transactions.