The affected data doesn't include online orders or some of Earl's other chains (Bertucci's, Café Hollywood and Seaside on the Pier), but does include sensitive info like card numbers, customer names and expiration dates.

Earl said the breach was "contained" and that you shouldn't be at risk if you visit today. However, the timing is less than ideal -- 10 months is a long time for intruders to have access to sensitive payment details. It's also uncertain if there were other cards beyond those up for sale. Either way, the incident makes a case for strong data breach disclosure policies. A timely, clear response can potentially prevent data from falling into the wrong hands, or at least minimize the damage.