If you recently dined at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology or Tequila Taqueria and paid with plastic, your card information may have been compromised.
Earl Enterprises, the parent company of those restaurant chains, has notified customers of a “data security incident” that it said potentially affects payment card information of a “limited” number of customers.
The company said it recently became aware of the security incident and began an internal investigation with the help of two cybersecurity firms. As part of the investigation, the company said it has talked with federal law enforcement officials and is cooperating with federal investigators.
“The security and privacy of guests' payment card data is a top priority, and the company deeply regrets that this incident occurred,” Earl Enterprises said in a statement. “The incident has now been contained, and Earl Enterprises is working diligently with security experts on further remediation efforts.”
The company said it will closely monitor its systems and increase security measures for its payment networks.
The company says its investigation suggests hackers were able to install malware on some of its point-of-sale systems in some of its restaurants. The software then intercepted payment card information, which could have included credit and debit card numbers, expiration dates and, in some cases, cardholder names.
The company said it appears that payment cards used at its restaurants between May 23, 2018, and March 18, 2019, may have been affected by this incident. Orders placed online were not affected.
Reported a month ago
Meanwhile, Brian Krebs, who operates the KrebsOnSecurity blog, reports he contacted Buca di Beppo after discovering what he called “strong evidence” that some two million credit and debit card numbers belonging to the company’s customers were being sold on the dark web.
The 2 million figure comes from Krebs and has not been confirmed by Earl Enterprises. Krebs says he asked the company for confirmation but did not receive it.
The company has created this web page for customers who think they may have been affected by the data breach.
Consumers who have frequented the company’s restaurants in the past year should closely monitor credit card and bank account statements looking for suspicious activity. Should you spot an unauthorized charge contact the issuing institution right away.