Skip to main content

2 million diners hit by malware attack at restaurants across U.S.

Diners at restaurants that include Buca di Beppo, Planet Hollywood, and Earl of Sandwich have been hit by a credit card breach involving compromised point-of-sales systems, parent company Earl Enterprises has revealed.

The company confirmed the breach more than a month after high-profile security researcher Brian Krebs contacted Buca di Beppo with information that customer data was being sold by cybercriminals on the dark web. Krebs’ research suggested the breach involved around 2.15 million payment cards used at the Earl Enterprises’ food outlets across the country.

Recommended Videos

According to a statement on its website, Earl Enterprises said it had recently become aware of a breach “potentially affecting payment card information” linked to customers who visited Buca di Beppo, Planet Hollywood, Earl of Sandwich, Chicken Guy!, Mixology, and Tequila Taqueria between May 23, 2018, and March 18, 2019.

Earl Enterprises said it seems that unauthorized individuals installed malicious software on some point-of-sale systems at a number of its restaurants. The malware stayed on the machines for up to 10 months, capturing payment card data that may have included credit and debit card numbers, expiration dates and, in some cases, cardholder names.

The company reassured its customers that the incident has “now been contained,” adding that it’s working on additional security measures to help prevent a similar incident from happening again. Several cybersecurity firms are currently working on the investigation, with federal law enforcement officials also involved.

Customers who believe they may be affected are being advised to carefully review their credit and debit card account statements “as soon as possible” for suspicious charges or activity.

“As a best practice, we urge you to remain vigilant and continue to monitor statements for unusual activity going forward,” the company said. “If you see anything you do not recognize, you should immediately notify the issuer of the credit or debit card.”

It added: “In instances of payment card fraud, it is important to note that cardholders are typically not responsible for any fraudulent activity that is reported in a timely fashion.”

More information — including which specific restaurant locations were targeted in the malware attack — can be found on Earl Enterprises’ statement page.

Cybercriminals who gather the data usually attempt to sell it on, with buyers hoping to use the data to create counterfeit cards for spending sprees before the owner notices and cancels the card.

The latest breach follows a string of high-profile hacks in recent months affecting millions of people and multiple businesses and services.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Andor season 2 is coming sooner than a lot of Star Wars fans thought
Cassian stands by a hillside in Andor season 1.

It looks like Lucasfilm may have accidentally revealed the long-awaited premiere date for Andor season 2, and on the Disney+ mobile app, no less. Early Saturday morning, some eagle-eyed users noticed a new date attached to the bottom of the app's Andor streaming tile. The date in question promises that Andor season 2 is coming April 22, 2025.

It isn't just possible but likely that this Disney+ update was made earlier than Lucasfilm planned. Not only was it added to the streaming service's mobile app with no accompanying announcement or comment from Lucasfilm, but Disney is also in the midst of hosting its D23 Brazil convention this weekend. The event has already given fans their first look at Diego Luna's Cassian Andor in Andor season 2, and it's possible that the show's return date was being saved for D23 Brazil as well.

Read more
A hidden iOS 18.1 upgrade made it harder to extract data from iPhones
A person holding the Apple iPhone 16 Plus.

Apple Intelligence was the most notable upgrade that arrived on iPhones with the iOS 18 series of updates. But it seems Apple reinforced the security protocols in the background that could prevent bad actors from gaining unauthorized access to iPhones that haven’t been unlocked in a while by their legitimate owner.

Earlier this month, 404Media reported that law enforcement officials are troubled by iPhones that are mysteriously rebooting. Citing a report courtesy of officials in Michigan, the outlet notes that the reboots are hampering the ability to access what’s stored on the phones through brute-force unlock methods.

Read more
Mazda confirms a hybrid CX-5 and electric SUV are on the way
mazda hybrid cx 5 electric suv 2024 arata concept 4

Mazda might be making headway in the pursuit of bringing back an electric vehicle (EV) stateside.

Ever since it discontinued the MX-30 EV in the U.S. last year, the Japanese automaker has had zero EV offerings for potential U.S. customers.

Read more