Seen on the non-profit association’s web site:
Information on Data Compromise at Gateway Arch stores
On December 17, 2014, federal authorities alerted Jefferson National Parks Association that we may have been the victim of possible theft of payment card numbers at our two stores at the Gateway Arch: the Museum Store and Levee Mercantile. JNPA regrets any inconvenience this may have caused to our customers. Please note: other payment points at the Arch, including tram and movie ticketing, and riverboat excursions, are not affected. Customers with concerns may email JNPA at [email protected] or call us at 314-678-1516. You may also refer to this Media Notice (PDF) for additional information.
The media notice provides additional details, including that the malware appears to have been most active between early August 2014 and December 17, 2014, but
The method of malware infection is unclear. Investigators believe that the malware may have been installed as early as November 2013, when these terminals were physically located at other sites, specifically the Old Courthouse and U.S. Grant National Historic Site.