Eataly, the high-end Italian food market that announced a payment system breach provided additional details in an update:
Eataly NY, LLC (“Eataly”) recently became aware of a personal information security incident possibly affecting certain individuals who made a payment card purchase at the Eataly NYC Retail Marketplace, located at 200 5th Avenue, New York, NY 10010 (the “NYC Marketplace”). We are providing this notice as a precaution to inform potentially affected customers of the incident and to call their attention to some steps they can take to help protect themselves. We sincerely apologize for any frustration or concern this may cause you.
Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software designed to capture payment card information on the computer systems used to process payment card transactions at the NYC Marketplace. We believe that the malware could have compromised payment card data (including name, payment card account number, card expiration date, and the CVV security code) of individuals who used a payment card at the NYC Marketplace between January 16, 2015 and April 2, 2015. If you made a payment card transaction at the NYC Marketplace during that timeframe, your payment card information may be at risk.
[…]
h/t Law360