Around 2 million people who dine at Planet Hollywood, Buca di Beppo, and Earl of Sandwich and other restaurants may have fallen victims to a credit card data breach, said the parent company Earl Enterprises,
In its statement, the group of companies confirmed the potential malware attack that compromised point-of-sale (POS) systems of at least six of its restaurants between May 23, 2018, and March 18, 2019.
This confirmation comes after Brian Krebs, a high-profile security researcher, contacted Buca di Beppo saying that hackers had sold customer data that included card numbers, expiration dates and cardholder names on the dark web. Kreb’s research revealed that the data theft involved around 2.15 million cards used to pay for food outlets of Earl Enterprises all over the country.
The parent company said it is likely that unauthorized individuals installed malicious software on some POS systems at some of its restaurants. The malware remained in the machines for nearly 10 months,
Earl Enterprises reassured its customers that this breach has “now been contained” while announcing it’s working to beef up its security to help avoid a similar incident from taking place again. Many cybersecurity firms are currently working on the investigation, including federal law enforcement officials.
The company also said customers who paid for orders online through third parties should not worry because the malware was localized.
Experts advise customers who believe they might be affected to thoroughly review the account statements of their credit and debit card at once for suspicious charges.
Cybercriminals who collect the data usually sell it on the dark web, with buyers attempting to use the customer information to create fake cards for spending at huge costs before the owner finds out and cancels the card.
Data breaches have affected many big corporations. British Airways and Marriott were among the corporations impacted in 2018.