The parent company of restaurants such as Planet Hollywood, Buca di Beppo, and Mixology has confirmed that it experienced a security breach after security researchers found more than 2 million stolen credit card numbers being sold online.

KrebsOnSecurity says that it contacted the company in February after it discovered “strong evidence” that customer credit card and debit card numbers were being sold online. Hackers used “malware installed on its point-of-sale systems” to steal 2.15 million credit and debit card numbers, expiration dates, and some cardholder names from restaurant locations in 40 states.

Earl Enterprises says that the breach took place between May 23rd, 2018 and March 18th, 2019, and that “the incident has now been contained.” The breach impacted individual restaurant locations of Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, and Tequila Taqueria outlets. The company has since launched a website for customers to check if a location they had visited was one of the ones that was impacted. It also says that online orders were not impacted by the breach.

The company recommends that customers examine their statements for suspicious activity, and to notify their issuer if they find fraudulent transactions.