Catch Hospitality Group revealed that a point-of-sale (POS) malware incident might have exposed some of its customers’ data.
The restaurant and catering company launched an investigation and retained the services of a digital forensics firm after detecting unauthorized activity on its payment processing systems.
This investigation uncovered a malware operation that had affected some POS devices deployed at Catch NYC (including Catch Roof) and Catch Steak between September 17, 2019 and October 17, 2019.
Specifically, researchers determined that the incident might have exposed transactions on POS devices that waitstaff used to enter orders at the bar and other areas. Those transactions contained customers’ payment card details including their name, payment card number and expiration code.