PSA: Earl Enterprises, the parent company of several restaurant chains including Planet Hollywood, posted notice of a severe data breach on Friday. According to the public announcement, hackers used malware installed on the point-of-sale systems of several of its restaurants to steal credit card information.
The data breach affected almost all Buca di Beppo locations, around 31 Earl of Sandwich restaurants, and Planet Hollywood in Las Vegas, New York City, and Orlando. It was initially brought to the attention of Earl Enterprises by Krebs on Security.
According to Krebs, on February 21 it "contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company's customers were being sold in the cybercrime underground."
Earl Enterprises confirmed that between May 23, 2018, and March 18, 2019, several of its POS systems were infected with malware leading to the breach. In addition to the previously mentioned chains, Tequila Taqueria in Las Vegas; Chicken Guy! in Disney Springs, Florida; and Mixology in Los Angeles may have been affected as well. In total, at least 100 locations had transaction information stolen.
Only Earl Enterprises restaurants were affected. Other guest services like Planet Hollywood stores or hotels were not compromised.
The company says the breach was contained as of March 18. Earl Enterprises urges customers who may have dined at any of its locations between the dates in question to review their account statements for fraudulent activity.
It has also set up a restaurant finder on its notice webpage that you can use to find the location of a restaurant you may have visited and the date range that it was compromised.