A point-of-sale data breach allegedly discovered a month ago and just now admitted, exposed two million credit cards belonging to diners of Earl Enterprises restaurants.
KrebsOnSecurity claims to have contacted the Italian restaurant chain that owns Buca di Beppo, Earl of Sandwich, Planet Hollywood and other restaurant brands, on Feb. 21, 2019, after finding evidence that the stolen payment cards were being sold on cybercrime underground sites.
On March 29, Earl Enterprises officially announced the breach.
“Once we learned of a potential incident, we promptly launched an internal investigation and engaged two leading cybersecurity firms,” the company said in the statement. “As part of the investigation, we have been in contact with federal law enforcement officials and are cooperating with them.”
Although the dates vary by location, customers who used their payment cards at the affected locations between May 23, 2018 and March 18, 2019 may have had their information compromised.
Virtually all 67 Buca di Beppo locations in the United States; some of the 31 Earl of Sandwich locations; and Planet Hollywood locations in Las Vegas, New York City and Orlando were affected along with Tequila Taqueria in Las Vegas; Chicken Guy! in Disney Springs, Fla.; and Mixology in Los Angeles.