Categories: SecurityWorkspace

Hackers Swipe Card Data From Planet Hollywood Parent

A major US restaurant firm has acknowledged a security breach after reports indicated more than 2 million payment cards had been stolen from the company’s customers and sold online.

But Earl Enterprises, which owns the Planet Hollywood restaurant chain, along with others including Earl of Sandwich, Bertucci’s and Buca di Beppo, faced questions after it emerged that the company took about one month to control the breach, after being alerted to it in February of this year.

The hack also lasted an unusually long time, roughly 10 months, beginning  in May of last year and continuing until 18 March, 2019.

Earl said hackers had installed malcious code on point-of-sale systems that allowed them to copy card details, and provided a tool allowing users to look up the locations of affected outlets.

Payment cards sold online

Online orders and those paid for via third-party platforms weren’t affected, Earl said.

The breach came to light after a trove of some 2.1 million credit and debit-card details went up for sale on a popular hacker forum in February, 2019.

Brian Krebs, a well-known computer security journalist, said he used postcode data to trace many of the stolen cards to outlets of Buca di Beppo that were located in small US towns, and informed the chain’s management.

Earl Enterprises’ tool indicates that nearly all 67 US Buca di Beppo locations were affected, along with a handful of Earl of Sandwich outlets, and Planet Hollywood restaurants in Las Vegas, New York City and Orlando.

Tequila Taqueria in Las Vegas, Chicken Guy in Disney Springs, Florida and Mixology in Los Angeles were also affected.

“Once we learned of a potential incident, we promptly launched an internal investigation and engaged two leading cybersecurity firms,” Earl Enterprises said in an advisor. “As part of the investigation, we have been in contact with federal law enforcement officials and are cooperating with them.

Point-of-sale hack

“Based on the investigation, it appears that unauthorised individuals installed malicious software on some point-of-sale systems at a certain number of Earl Enterprises’ restaurants.”

Such hacks are typically caused by a remote breach of a payment system, which can allow attackers to seed large numbers of terminals with card-copying malware, security experts say.

“it is often possible to infect the entire network of terminals, as was the case in Sak’s Fifth Avenue last year; 5 million credit and debit card numbers were stolen from their systems, a breach originating from a phishing email,” said Positive Technologies cyber-security resilience lead Leigh-Anne Galloway.

She noted that while customers aren’t responsible for fraudulent purchases, banks don’t always spot fraud.

Consumers can protect themselves by keeping an eye on their accounts and setting transaction limits, she said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

24 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago