Over 2 million credit cards have been compromised after hackers installed malware on point-of-sale systems for Earl Enterprises, a restaurant company that owns national chains like Buca di Beppo, Planet Hollywood, and Earl of Sandwich. The hacking occurred between May 23, 2018 and March 18, 2019, according to the company.
Krebs on Security was the first to notice that the hacked credit card information was being advertised on Joker’s Stash, an online forum where large batches of stolen credit card numbers are bought and sold.
The hack was verified in a statement from Earl Enterprises. The restaurants that have been affected include Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, and Tequila Taqueria.
“Once we learned of a potential incident, we promptly launched an internal investigation and engaged two leading cybersecurity firms,” Earl Enterprises said in a statement. “As part of the investigation, we have been in contact with federal law enforcement officials and are cooperating with them.”
“Based on the investigation, it appears that unauthorised individuals installed malicious software on some point-of-sale systems at a certain number of Earl Enterprises’ restaurants.”
Any customers who worry that they may have been included in the hack can check the online tool at Earl Enterprises and simply look up their state and the restaurant.
As Earl Enterprises explains, online orders through third-party applications were not affected. If you didn’t go to a location and only purchased $42 Planet Hollywood “wide cuffs” online, for example, your credit card should be safe. Why you purchased $42 Planet Hollywood wide cuffs in the first place may be something worth exploring however.
Other restaurants owned by Earl Enterprises, such as Bertucci’s, Seaside on the Pier, and Café Hollywood, were not affected by the hack. Planet Hollywood hotels and resorts were also not impacted, according to the restaurant company.