Data breach affects Planet Hollywood, Buca di Beppo customers

2 million credit and debit cards available on the dark web for weeks.

Earl Enterprises — the parent company of famed Planet Hollywood and Buca di Beppo restaurant chains — last week admitted to suffering a payment card data breach over a 10-month period.

Unauthorized individuals had installed a point-of-sale (POS) malware designed to steal over 2.15 million credit and debit card numbers, expiration dates, and, in some cases, cardholder names from the memory of an infected system.

The Florida-based company said the security breach affected guests who dined at various locations of Planet Hollywood, Buca di Beppo, Earl of Sandwich, Chicken Guy, Mixology, or Tequila Taqueria restaurants between May 23, 2018 and March 18, 2019.

Earl Enterprises reportedly knew about a data breach but only revealed it at the end of March 2019.

“In the last 3 years, U.S. hotels and restaurants have been heavily targeted by point-of-sale malware. These POS terminals are just computers, and are easily susceptible to attacks if they’re not properly protected,” comments Luis Corrons, Avast security evangelist. “As hoteliers and retailers expand into various territories, it’s common for their infrastructure and devices to be managed remotely. Attackers will use phishing techniques to obtain credentials, therefore compromising a number of POS terminals in an automated way.”

Orders paid online using third-party apps or platforms, and made at Earl Enterprises’ other chains (Bertucci’s, Café Hollywood and Seaside on the Pier), are not affected.

The discovery

Two million credit and debit card numbers belonging to the company’s customers were found being marketed and sold on the dark web in February 2019. Buca di Beppo was first notified about the breach, but it wasn’t until a month later that Earl Enterprises announced it had rectified a 10-month breach of its payment systems across dozens of its restaurants.

While the hospitality firm did not respond to specific requests about how many customers in total may have been affected, Earl Enterprises directed concerned customers to an online tool to look up if a location they had visited was one of the potentially affected restaurants.

According to Earl Enterprises, it launched an internal investigation and is working with federal law enforcement officials on the matter.

About the malware

Hackers have many tactics up their sleeves to spread malware. But when it comes to placing POS malware, cybercriminals can do one of two things. Typically, they would physically alter a POS device or exploit a vulnerability over the target’s network (such as a retailers’ use of default credentials on remote administration utilities). Once compromised, bad actors can breach POS systems and plant malware in seconds.

POS malware remains a powerful tool to exfiltrate data and, in this case, as a memory grabber to harvest credit and debit card numbers, expiration dates, and cardholder names.

What should you do?

The incident has been “contained” according to Earl Enterprises. They’ve also created a dedicated call center toll-free at 888-437-2399 and an FAQ for dining guests to obtain additional information.

It’s important to review your credit and debit card statements from the past year for any odd transactions you didn’t make or approve. Contact your bank or card issuer immediately if you find any suspicious activity, and request a new card and account number.

Under federal law, victims of credit card breaches are not responsible for any fraudulent activity that is reported in a timely fashion. For debit cards, you have limited liability as long as you report the fraud promptly. You can also place a yearlong security freeze or fraud alert on credit reports.

Considering that hackers had access to sensitive payment details for 10 months, the case remains for strong data breach disclosure policies.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.

Related articles

--> -->