The data has been on the black market for weeks.
More than a few restaurant-goers in the US will want to check their bank statements. Earl Enterprises has confirmed that hackers used point-of-sale malware to scoop up credit and card data at some of its US restaurants between May 2018 and March 2019, including virtually all Buca di Beppo locations, a few Earl of Sandwich locations and Planet Hollywood’s presences in Las Vegas, New York City and Orlando. It’s a fairly large data breach — KrebsOnSecurity discovered that a trove of 2.15 million cards were on sale in the black market as of February.
The affected data doesn’t include online orders or some of Earl’s other chains (Bertucci’s, Café Hollywood and Seaside on the Pier), but does include sensitive info like card numbers, customer names and expiration dates.
Earl said the breach was “contained” and that you shouldn’t be at risk if you visit today. However, the timing is less than ideal — 10 months is a long time for intruders to have access to sensitive payment details. It’s also uncertain if there were other cards beyond those up for sale. Either way, the incident makes a case for strong data breach disclosure policies. A timely, clear response can potentially prevent data from falling into the wrong hands, or at least minimize the damage.