Digital Transactions Authoritative, insightful and timely information for payments professionals
Mark the latest data breach as another conquest for hackers. Earl Enterprises, owner of the Buca di Beppo, Bertucci’s, Planet Hollywood, and the Earl of Sandwich restaurant chains, among others, said point-of-sale malware captured credit and debit card information from May 23, 2018, through March 18, 2019, at a variety of its locations.
Restaurants potentially affected include Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy! Mixology, and Tequila Taqueria. In addition to capturing credit and debit card numbers, the malware may have collected expiration dates and cardholder names, Earl Enterprises said in a statement released March 29.
The Orlando, Fla.-based company did not say how many consumers might have been affected by the breach, but KrebsOnSecurity.com, a security news Web site, said it found evidence that 2 million card numbers that appeared to originate from the breach were for sale on JokersStash.com, an underground e-commerce site. KrebsOnSecurity said it contacted Earl Enterprises in February when site owner Brian Krebs discovered the listing.
Earl Enterprises said the malware only affected in-store payments, and not online orders that were paid for online. “The incident has now been contained, and Earl Enterprises is continuing to work diligently with security experts on further remediation efforts,” the company said in its statement.
Earl Enterprises said it launched an internal investigation once it learned of the incident, through it did not say when that was, and that it hired two cybersecurity firms to investigate. It is working with law enforcement on the matter, the company said.
Earl Enterprises provided a tool for consumers to look up the locations of affected restaurants by state, city, and chain.
