You’re probably aware of the security risks associated with using a credit or debit card. Offline and online, point of sale systems are hacked and compromised on a regular basis. It’s an alarming fact that we simply don’t know where the next attack will occur.
This time, the payment systems of a restaurant company that owns several national chains have been hacked. If you ever used your payment card on one of its restaurants, you should definitely contact your credit card provider and check your statements.
Read on and find out the details of the latest restaurant chain data breach. You’ll be shocked to learn how the company finally found out about it!
Earl Enterprises security breach
Earl Enterprises, the restaurant company which owns a number of national chains including Buca di Beppo, Planet Hollywood and Earl of Sandwich, acknowledged that it suffered a data breach caused by malware installed on its point-of-sale systems between May 23, 2018, and March 18, 2019.
How extensive was the hack? The 10-month long attack may have allowed hackers to steal the details of 2 million payment cards which could include credit and debit card numbers, expiration dates and even cardholder names.
Other restaurants affected were Chicken Guy! (in Florida), Mixology (in Los Angeles) and Tequila Taqueria (in Las Vegas).
Note: According to Earl Enterprises, Bertucci’s, Seaside on the Pier, Café Hollywood and Planet Hollywood hotels and resorts are NOT affected.
Additionally, online orders paid through third-party applications were also not affected.
What happened in this data breach?
According to security blog KrebsOnSecurity, they contacted the Italian restaurant chain Buca di Beppo on Feb. 21, 2019, after suspecting that a new batch of 2 million stolen credit and debit numbers sold in the dark web belonged to its customers.
Now, more than a month after Krebs’ notice and after an internal investigation, Earl Enterprise officially acknowledged that there was indeed a security breach at its restaurants that affected not just Buca di Beppo but its other national chains as well.
Based on the company’s investigation, hackers apparently managed to remotely install malicious software on point-of-sale systems at a number of Earl Enterprises’ restaurants. The malware then allowed them to capture the data stored on a physical payment card’s magnetic stripe used on the affected restaurants.
As usual, the scary part about breaches like this is that the companies typically do not have any clue that they were suffering from a security breach. In Earl Enterprises’ case, it took KrebsOnSecurity, a third-party security blog, to inform them of the possible attack.
Imagine that — for almost a year, hackers have been stealthily collecting credit card details in the affected restaurants without raising any red flags!
If you ate at any of the affected restaurants, here’s what’s next
Whenever a payment system breach like this occurs on an establishment that you patronize, you should be vigilant and do precautionary steps to protect yourself.
Earl Enterprises said that although the dates of the potentially affected payment card transactions vary by location, customers that used their payment cards at affected locations between May 23, 2018, and March 18, 2019, may be impacted by the breach.
Earl Enterprises also released an online tool that will help you look up potentially affected locations by state, city and date range.
Customers can also call Earl Enterprises’ dedicated line at 888-437-2399 between 9 a.m. to 9 p.m. (Eastern Time), Monday through Friday, for more information about the incident.
More vital steps you should take
Although using a payment card at these restaurants doesn’t automatically mean that your information was stolen, why even take the chance?
Review your credit and debit card account statements as soon as you can for unauthorized charges and activities you do not recognize. You should already be frequently checking your bank statements anyway, but if you see anything that seems out of the ordinary, report it immediately to your bank.
Next, keep your eye out for phishing scams, too. Scammers will try to piggyback on data breaches like this. Beware of phishing scams that pretend to be from affected companies like banks, credit bureaus, credit card companies and even the restaurant chains themselves.
Lastly, if you think you are already compromised, put a credit freeze on your accounts as soon as you can. Note: A credit freeze, also known as a security freeze, allows you to restrict access to your credit reports and scores provided by the three major credit bureaus.
If a credit freeze sounds too extreme for you due to the restrictions, try a fraud alert instead. When a fraud alert is in place, businesses requesting credit reports must contact you and verify your identity before a new account can be made.