Cyber attack sees 2.15 million card details stolen from Planet Hollywood parent company

binary on a screen with words 'hacking attack'

Around 2.15 million credit and debit cards were sold on the black market after hackers used malicious software on point-of-sale systems in some Earl Enterprises restaurants between May 2018 and March 2019.

"The incident has now been contained, and the company continues to work diligently with security experts on further remediation efforts," the company said in a statement. "As part of the investigation, we have been in contact with federal law enforcement officials and are cooperating with them."

"Based on the investigation, it appears that unauthorized individuals installed malicious software on some point-of-sale systems at a certain number of Earl Enterprises' restaurants."

How the malware got into the point-of-sales systems in the first place remains unknown and is likely an area the investigation by Earl Enterprises will scrutinise.

Earl Enterprises is the parent company of Planet Hollywood, which may have been affected by the breach in three cities (New York, Las Vegas and Orlando). Other potentially affected brands include Buca di Beppo, Earl of Sandwich, Mixology, Chicken Guy! and Tequila Taqueria. Buca di Beppo was hit particularly hard.

KrebsOnSecurity, contacted Buca di Beppo after determining that many of the restaurant's locations were involved in a data breach. It traced a large batch of stolen cards that appeared on Joker's Stash, a site that sells stolen bank cards, back to the company.

An analysis of the batch, nicknamed the "DaVinci Breach", revealed that the zip codes and cities from which the cards were stolen matched up with locations of Earl Enterprises restaurants. KrebsOnSecurity contacted Buca di Beppo in February about the suspected hack, and the company announced it recognised the 10-month breach on 29 March.

The dates in which each restaurant was breached vary. No locations outside of the United States were involved.

The malware collected card numbers, expiration dates and possibly even cardholder names. However, online orders placed through a third-party platform were not affected by the hack.

The company encouraged customers to review their bank statements and notify their bank in the case of suspicious activity. It has also released a list of potentially affected restaurants so customers can determine if their information could be at risk.