Deer Valley restaurants suffer security incident involving customers’ payment card information

• The incident impacted payment card data for all customers who dined at the Mariposa and the Royal Street Cafe locations between January 10 and January 28, 2019.
• The Mariposa and Royal Street Cafe suffered a security breach after an unauthorized third-party hacked their point-of-sale payment system and deployed a malware.

What is the issue?

Two restaurants at Deer Valley, the Mariposa and Royal Street Cafe, suffered a security breach after an unauthorized third-party hacked their point-of-sale payment system and deployed a malware.

What happened?

On May 17, 2019, the malware was detected on the payment processing system using by the Mariposa and Royal Street Café restaurants. The malware was designed to search for track data, read from the magnetic stripe of a payment card, and steal the data.

This incident impacted the payment card data for all customers who dined at the Mariposa and Royal Street Cafe locations between January 10 and January 28, 2019.

What actions were taken?

• Upon discovery, an extensive investigation was launched and immediate steps were taken to secure the payment system.
• Deer Valley resort notified the payment card networks, law enforcement, the payment application provider, and the support vendor about the incident.
• A forensic firm was also hired to assist in the investigation.
• After the investigation determined a malicious intrusion, the malware was immediately removed.
• The restaurants are now evaluating ways to enhance the security of payment card data.

“It is always advisable for guests to closely monitor their payment card statements for any unauthorized activity. Guests should immediately report any unauthorized charges to the card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner,” the security notice read.