In their particular case, the hack manifested itself in the form of malware installed on POS machines at selected properties the company managed. The rogue software on these machines allowed the hackers to scan the data on the magnetic stripes of credit cards to pull numbers, expiration dates, and other sensitive financial information.
As for root causes, given the widely dispersed nature of the breach, which occurred worldwide, at scattered locations, the conclusion is that the breach itself was a decentralized attack, and preyed upon the weaknesses of specific locations. The biggest single contributing factor at those locations proved to be merchants who were operating equipment tied to outdated and not updated operating systems.
Some of the locations were found to be using OSs for which Microsoft no longer provides security patches, while others were found simply to be slow to implement existing security patches to their software. Both cases underscore the very real need, and the difficulty in getting merchants to make the switch and upgrade to more protected systems.
Since the breach occurred, Landry’s has implemented new policies and has put a new emphasis on rolling out greater, end-to-end security features designed to minimize the chances of something like this occurring again. This, however, is small comfort to their customers who have already been impacted.
It also underscores the sad reality that even to this day, most companies are in reactive mode, rather than proactive mode where security threats are concerned. There’s a dangerous habit on display of doing nothing until a breach occurs, then rushing to plug the security holes. That does little to boost consumer confidence, and is a dangerous game of roulette to play where sensitive data is concerned.