Cyber attack sees 2.15 million card details stolen from Planet Hollywood parent company

Millions of cards were sold on the black market over the course of a 10-month period

binary on a screen with words 'hacking attack'

Around 2.15 million credit and debit cards were sold on the black market after hackers used malicious software on point-of-sale systems in some Earl Enterprises restaurants between May 2018 and March 2019.

"The incident has now been contained, and the company continues to work diligently with security experts on further remediation efforts," the company said in a statement. "As part of the investigation, we have been in contact with federal law enforcement officials and are cooperating with them."

"Based on the investigation, it appears that unauthorized individuals installed malicious software on some point-of-sale systems at a certain number of Earl Enterprises' restaurants." 

How the malware got into the point-of-sales systems in the first place remains unknown and is likely an area the investigation by Earl Enterprises will scrutinise. 

Advertisement - Article continues below
Advertisement - Article continues below

Earl Enterprises is the parent company of Planet Hollywood, which may have been affected by the breach in three cities (New York, Las Vegas and Orlando). Other potentially affected brands include Buca di Beppo, Earl of Sandwich, Mixology, Chicken Guy! and Tequila Taqueria. Buca di Beppo was hit particularly hard.

KrebsOnSecurity, contacted Buca di Beppo after determining that many of the restaurant's locations were involved in a data breach. It traced a large batch of stolen cards that appeared on Joker's Stash, a site that sells stolen bank cards, back to the company. 

An analysis of the batch, nicknamed the "DaVinci Breach", revealed that the zip codes and cities from which the cards were stolen matched up with locations of Earl Enterprises restaurants. KrebsOnSecurity contacted Buca di Beppo in February about the suspected hack, and the company announced it recognised the 10-month breach on 29 March. 

The dates in which each restaurant was breached vary. No locations outside of the United States were involved.

The malware collected card numbers, expiration dates and possibly even cardholder names. However, online orders placed through a third-party platform were not affected by the hack.

The company encouraged customers to review their bank statements and notify their bank in the case of suspicious activity. It has also released a list of potentially affected restaurants so customers can determine if their information could be at risk.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020