Italian food market Eataly, popular among New Yorkers for its Italian cheeses, gourmet food and more, confirmed that hackers employing malware hacked the network used by the establishment to obtain and steal payment card information. The compromise of payment data was concluded to be highly likely after Eataly conducted a digital forensic investigation. The affected are customers who have used a payment card specifically at the Eataly NYC Retail Marketplace, 200 5th Avenue, New York, NY.
“Our New York retail location has unfortunately been victim of a security incident. Based upon an extensive forensic investigation, it appears that criminals unscrupulously hacked our network system and installed a malware designed to capture payment card transaction data. We believe that the malware may have compromised the payment card transaction data of customers who made payment card purchases,” the statement read.
A real-time breach.
In contrast to most cybersecurity vulnerabilities leading to data breaches, the company also added that the malware embedded within the network systems were intrusive in capturing the data in real time. Eataly does not store payment data or card information on its systems and the company confirmed the assistance of professional forensic experts to help with the investigation. Red flags were raised when a pattern was noticed among several employees who were shoppers at the eatery themselves, noticed fraudulent transactions on their credit cards. This led to the investigation and the subsequent confirmation of the data breach.
“As soon as we found out, we posted it on our website to make sure all of our customers were informed,” Executive Director of Human Resources Cleo Clarke said.
Here are the important highlights from the statement:
- Purchases made from card payments between January 16, 2015 and April 2, 2015 are affected and likely to be compromised.
- Eataly confirmed that the breach was contained and was limited to the Eataly NYC Retail marketplace alone and not any of its other establishments, restaurants and other global locations.
- Complimentary fraud resolution and identity theft protection services are available for Eataly customers who can sign up by emailing firstname.lastname@example.org.
“We added specific procedures, protocols to ensure that this does not happen again,” Clarke added.
Customers are encouraged to check their card statement and bank accounts during the specified time period to look for any suspicious charges.