Several days ago, Earl Enterprises, the hospitality industry firm behind several well-known restaurant brands like Planet Hollywood, Buca di Beppo, Earl of Sandwich, Chicken Guy!, Mixology, and Tequila Taqueria announced a security breach of its payment card processing systems. Their announcement came as no surprise to Brian Krebs, who had found Buca di Beppo customer card data for sale on Joker’s Stash and had alerted Buca di Beppo to it on February 21.
While Krebs was notifying Buca di Beppo, Gemini Advisory, who had also noted the major update to Joker’s Stash, was independently analyzing the data. By February 22, they were notifying law enforcement and financial institutions.
In a statement to DataBreaches.net yesterday, Stas Alforov, Gemini Advisory’s Director of Research, notes that although the marketplace operators claimed the full exposure of 2.1 million payment cards (a number that Krebs also reported), Gemini’s telemetry data indicates that from February 21 to the present, less than 500,000 cards have been posted for sale with a total cost of over $13 million USD.
Gemini analysts assess, with a moderate degree of confidence, that JokerStash (the threat actor) has access to 2.1 million compromised payment cards from Earl Enterprises and will likely continue posting the compromised payment card data as long as it maintains a “high validity” rate (i.e., as long as purchasers report successfully cashing out the compromised records).
Gemini’s analysis also indicated that more than 70 of Earl Enterprises’ physical locations were affected, with Buca di Beppo having the most locations impacted. Gemini’s estimate of number of locations affected is based on the card records actually put up for sale. Other sources appear to be reporting more than 100 locations.
Gemini’s analysis by region revealed that for the cards already listed for sale:
- The highest exposure of victim cards came from Orlando, Florida (affecting, in descending order: Earl of Sandwich, Chicken Guy, Planet Hollywood, and Buca di Beppo);
- The second highest exposure of victim cards came from Las Vegas, Nevada (affecting Buca di Beppo, Earl of Sandwich, Planet Hollywood, and Tequila Taqueria); and
- The third highest exposure of victim cards came from New York City, New York (affecting Buca di Beppo, Earl of Sandwich, and Planet Hollywood).
But if you dined at any Earl Enterprise restaurant between May 23, 2018 and March 18, 2019, and used a debit or credit card that hasn’t been misused, it may be that your card number was compromised but has not been put up for sale yet.
You can find out if a restaurant you dined at was affected by looking up the state, city, and name of restaurant on a pull-down menu on Earl Enterprise’s incident FAQ.