Eataly NYC confirms data breach, customers card data exposed

Eataly NYC confirmed that New York retail location has been victim of a security incident, hackers used a PoS malware to steal customers’ card data.

The Italian food market Eataly has confirmed a data breach occurred earlier this year. According investigators the data breach could have exposed data related to payment cards over a four-month period.

Despite Eataly is a global food market, it seems that only the Eataly’s NYC Retail Marketplace was affected by the data breach.

“As many other retailers, our New York retail location has unfortunately been victim of a security incident. Based upon an extensive forensic investigation, it appears that criminals unscrupulously hacked our network system and installed a malware designed to capture payment card transaction data. We believe that the malware may have compromised the payment card transaction data of customers who made payment card purchases at the Eataly NYC Retail Marketplace, located at 200 5th Avenue, New York, NY 10010, between January 16, 2015 and April 2, 2015.” the Eataly company announced in a statement.

Unknown hackers compromised the company network by installing a PoS malware that was designed to steal customer credit card data, the malicious code was used to siphon data at Eataly location between January 16, 2015 and April 2, 2015.


Eataly hired forensic experts to assist in the investigation and sanitize its systems. As of now, the incident seems to have been contained and the malware removed from the company PoS systems. The company is offering one year of fraud resolution and identity protection to its customers, they just need to sign the free service by sending an email to

“We are advising all potentially affected customers who made payment card purchases at the Eataly NYC Retail Marketplace during the relevant timeframe to check their bank accounts very carefully and immediately report any suspicious charges or activity to their banks and card issuers. In addition, we are offering one year of complimentary fraud resolution and identity protection services to each of our customers who were potentially affected by this incident.” continues the advisory.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase