More Than 2M Customer Payment Cards Affected in Earl Enterprises 10-Month Long Data Breach
On March 29, Earl Enterprises, Inc. posted a statement on its website explaining that the company was involved in a 10-month long data breach affecting millions of customer payment cards – both credit and debit. The breach occurred from May 23, 2018 to March 18, 2019. Cards affected were those used to pay on the company's POS system. Online orders paid for online through third-party applications or platforms were not affected by this incident. Restaurants affected include: Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria. Brands that were not affected include: Bertucci’s, Seaside on the Pier and Café Hollywood. Additionally, Planet Hollywood Hotels and Resorts were not affected.
Krebs on Security said it contacted Buca di Beppo on February 21, 2019 when it noticed a large batch of payment cards were being sold online via the website Joker's Stash, "an underground shop that sells huge new batches of freshly-stolen credit and debit cards on a regular basis." According to Krebs on Security, it noticed on February 20th that Joker's Stash had moved a brand new batch of 2.15 million cards onto its site for sale. Krebs was able to determine, based on the restaurant locations of the stolen card data, that many of the cards belonged to Buca di Beppo customers.
According to Earl Enterprises, once it learned of the breach, it launched an internal investigation and partnered with two cybersecurity firms to find out what happened. It also notified and is working with federal law enforcement officials.
"Based on the investigation, it appears that unauthorized individuals installed malicious software on some point-of-sale systems at a certain number of Earl Enterprises’ restaurants," Earl Enterprises stated. "The incident has now been contained, and Earl Enterprises is continuing to work diligently with security experts on further remediation efforts. Moving forward, the company will continue to closely monitor its systems and take additional security measures to help prevent something like this from happening again in the future."