Earl Enterprises, the parent company of Planet Hollywood and other US restaurant chains, has admitted suffering a 10-month breach of customer payment card data.
The firm said in a notice on Friday that hackers installed POS malware at a number of restaurants including those operating under the brand names Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria.
“The malicious software was designed to capture payment card data, which could have included credit and debit card numbers, expiration dates and, in some cases, cardholder name,” it explained.
“Although the dates of potentially affected transactions vary by location, guests that used their payment cards at potentially affected locations between May 23, 2018 and March 18, 2019 may have been affected by this incident. Online orders paid for online through third-party applications or platforms were not affected by this incident.”
There was no indication from the hospitality firm how many customers had been affected, but reports suggest it could be over two million.
Security researcher Brian Krebs has claimed that the breach is linked to the appearance of 2.15 million stolen cards on the dark web back in February.
The data, known as the “Davinci Breach,” appeared on the card forum Joker’s Stash.
This is just the latest in a rash of POS malware attacks that prove full EMV card migration is still some way off in the US.
So far this year we have seen a major breach at Huddle House restaurants across the country, a supply chain attack against POS solutions provider North County Business Products, and the discovery of DMSniff, POS malware that uses a domain generation algorithm (DGA) to maintain persistence.