Last week, Earl Enterprises admitted having suffered a payment card data breach from tens of its restaurants over a period of 10 months.

Earl Enterprises admitted that hackers have stolen payment card data from tens of its restaurants over a period of 10 months.

Restaurants at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria owned by Earl Enterprises were impacted by the security breach. An investigation confirmed that almost all the Buca di Beppo locations across the United States have been affected by the breach. The incident also impacted many other locations belonging to the other brands of the Earl Enterprises holding.

Crooks used a PoS malware to syphon payment card data from point-of-sale (PoS) systems at the affected locations. The malicious code was designed to capture card numbers, expiration dates and cardholder names.

Customers that made payment at the impacted locations between May 23, 2018 and March 18, 2019, may be affected. Earl Enterprises published a notice of breach that allows users to discover potentially affected restaurants.

“Earl Enterprises recently became aware of a data security incident potentially affecting payment card information of a limited number of guests that dined at certain of Earl Enterprises’ restaurants. Potentially affected restaurants include the following brands: Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria.” reads the data breach notification. “We are providing this notice to our guests to inform them of the incident and steps they can take to help protect themselves. The security and privacy of our guests’ payment card data is a top priority, and Earl Enterprises deeply regrets that this incident occurred.”

According to the data breach notification, Planet Hollywood hotels or stores Bertucci’s, neither were Seaside on the Pier and Café Hollywood brands were not affected.

“This incident may affect payment card information of a limited number of guests that dined at certain of Earl Enterprises’ restaurants. Payment card information could have included credit and debit card numbers, expiration dates and, in some cases, cardholder names.” continues the notice.

The company confirmed that locations outside of the United States were not affected.

Unfortunately, the stolen data may be already available on the cyber crime underground. The popular investigator Brian Krebs reported that, on February 20, the black marketplace Joker’s Stash had offered for sale roughly 2.15 million stolen cards that appeared to have been stolen from Earl Enterprises restaurants .

Krebs reported its discovery to Earl Enterprises that quickly launched an investigation with the support of two cybersecurity firms and feds.

Pierluigi Paganini

( SecurityAffairs – Earl Enterprises, hacking)

Share this...

Linkedin Reddit Pinterest

Share On