by Janna Herron, USA TODAY, usatoday.com
April 1, 2019
The parent company of the Planet Hollywood and Buca di Beppo restaurant chains said a 10-month data hack may have exposed the credit and debit card information of its diners.
Earl Enterprises has said the breach affects customers who visited various locations of Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy, Mixology or Tequila Taqueria restaurants between May 23, 2018, and March 18, 2019.
Orders paid online using third-party platforms were not part of the breach.
The company said that malicious software had been installed on its point-of-sale machines and was designed to capture card numbers, expiration dates and, in some cases, cardholder names.
The chain restaurant operator did not disclose how many customers were affected. But cybersecurity expert Brian Krebs said he found evidence that 2 million credit and debit cards numbers that belonged to Earl Enterprises customers were being marketed on the dark web.
Criminals can use the stolen information to create counterfeit cards to purchase high-priced items from other retailers, Krebs said on his blog post explaining the breach.
The good news is that it’s much harder for criminals to use that type of data to clone cards, thanks to the widespread use of chip cards, says Al Pascual, head of fraud and security at Javelin Strategy and Research, a research and consulting firm specializing in security.
“The data does not have as much value as before,” he says.
What should you do?
If you visited any of the affected chains, use the company’s online tool to find out if a specific location you visited was compromised by the breach. If so, set up alerts on your card, so you know each time your card is used.
Carefully review your credit and debit card statements from the past year for any odd charges you didn’t make. Contact your bank or credit card issuer if you find suspicious activity, so you can get a new card and account number.
Under federal law, you’re not responsible for any unauthorized credit card charges resulting from a breach. For debit cards, you have limited liability as long as you as report the fraud promptly.
Fortunately, the stolen information is not enough to open a new credit card or other loan accounts under your name. But it’s still smart to review your credit reports for any unauthorized accounts.
You can also place a yearlong fraud alert on your reports, which tells lenders to take extra steps to verify your identity before approving new credit in your name.