DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

So your payment card hasn’t been misused after you used it at Planet Hollywood or Buca di Beppo? Don’t breathe a sigh of relief just yet.

Posted on April 2, 2019 by Dissent

Several days ago, Earl Enterprises, the hospitality industry firm behind several well-known restaurant brands like Planet Hollywood, Buca di Beppo, Earl of Sandwich, Chicken Guy!, Mixology, and Tequila Taqueria  announced a security breach of its payment card processing systems. Their announcement came as no surprise to Brian Krebs, who had found Buca di Beppo customer card data for sale on Joker’s Stash and had alerted Buca di Beppo to it on February 21.

While Krebs was notifying Buca di Beppo, Gemini Advisory, who had also noted the major update to Joker’s Stash, was independently analyzing the data. By February 22, they were notifying law enforcement and financial institutions.

In a statement to DataBreaches.net yesterday, Stas Alforov, Gemini Advisory’s Director of Research, notes that although the marketplace operators claimed the full exposure of 2.1 million payment cards (a number that Krebs also reported), Gemini’s telemetry data indicates that from February 21 to the present, less than 500,000 cards have been posted for sale with a total cost of over $13 million USD.

Gemini analysts assess, with a moderate degree of confidence, that JokerStash (the threat actor) has access to 2.1 million compromised payment cards from Earl Enterprises and will likely continue posting the compromised payment card data as long as it maintains a “high validity” rate (i.e., as long as purchasers report successfully cashing out the compromised records).

Gemini’s analysis also indicated that more than 70 of Earl Enterprises’ physical locations were affected, with Buca di Beppo having the most locations impacted.  Gemini’s estimate of number of locations affected is based on the card records actually put up for sale. Other sources appear to be reporting more than 100 locations.

Gemini’s analysis by region revealed that for the cards already listed for sale:

  • The highest exposure of victim cards came from Orlando, Florida (affecting, in descending order: Earl of Sandwich, Chicken Guy, Planet Hollywood, and Buca di Beppo);
  • The second highest exposure of victim cards came from Las Vegas, Nevada (affecting Buca di Beppo, Earl of Sandwich, Planet Hollywood, and Tequila Taqueria); and
  • The third highest exposure of victim cards came from New York City, New York (affecting Buca di Beppo, Earl of Sandwich, and Planet Hollywood).

But if you dined at any  Earl Enterprise restaurant between May 23, 2018 and March 18, 2019, and used a debit or credit card that hasn’t been misused, it may be that your card number was compromised but has not been put up for sale yet.

You can find out if a restaurant you dined at was affected by looking up the state, city, and name of restaurant on a pull-down menu on Earl Enterprise’s incident FAQ.

No related posts.

Category: Breach IncidentsBusiness SectorMalwareOf Note

Post navigation

← Michigan practice folds after cyberattackers wipe out all their files
Georgia Tech says data breach exposed info of 1.3 million people Updated: Apr 2, 2019 – 12:21 PM →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.