Earl Enterprises, the owner of the US restaurant chain Buca Di Beppo, several Earl of Sandwich franchises and Planet Hollywood's Las Vegas, New York City and Orlando locations, has confirmed that cybercriminals used point-of-sale (POS) malware to obtain credit card data between May 2018 and March 2019.
The breach was first discovered by KrebsOnSecurity (opens in new tab) which found that a batch of around 2.15m stolen cards were made available for sale on the online shop Joker's Stash.
Joker's Stash regularly sells huge batches of new stolen credit and debit cards to cybercriminals online.
- The true cost of a data breach
- Nokia phones investigated over rumored data breach
- Houzz suffers major data breach
While the names of the companies breached are omitted, since the shop indexes their lists of stolen cards by the city or postcode of the store from which the card was stolen, KrebsOnSecurity was able to determine that Bucca di Beppo's data was stolen based on its store locations.
Earl Enterprises has now officially confirmed that a number of its restaurants were targeted by hackers and it explained the extent of the breach in a statement, saying:
“The malicious software was designed to capture payment card data, which could have included credit and debit card numbers, expiration dates and, in some cases, cardholder names. Although the dates of potentially affected transactions vary by location, guests that used their payment cards at potentially affected locations between May 23, 2018 and March 18, 2019 may have been affected by this incident.”
Fortunately, cards used in online orders were not affected by the breach but if you did happen to visit Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology or Tequila Taqueria in the last ten months, it is worth checking your bank statements for any suspicious transactions.
- We've also highlighted the best VPN