Attack Targeting POS Systems Steals 2 Million Credit Card Numbers
Earl Enterprises, the Orlando-based parent company of several popular restaurant chains, disclosed in April a yearlong security breach that resulted in two million stolen credit card numbers.
Earl Enterprises is the parent company of Buca di Beppo, Planet Hollywood, Earl of Sandwich and several other eateries. All of its restaurants were impacted in some way when hackers installed malware on point-of-sale (POS) systems.
Cybersecurity journalist Brian Krebs discovered Buca di Beppo customers’ debit and credit card numbers being sold on an underground forum and notified the company. Earl Enterprises disclosed the breach one month after Krebs’s report.
The breach allowed cyberthieves to steal card information for a 10-month period between May 23, 2018 and March 18, 2019. It’s unclear exactly what information hackers stole, but the software was designed to capture card numbers, expiration dates and cardholder names.
Dates and locations vary, but the breach appears to have impacted almost all 67 Buca di Beppo locations, a portion of the 31 Earl of Sandwich locations and Planet Hollywood locations in New York City, Orlando and Las Vegas. Earl Enterprises has not released how many total customers have been impacted, but Krebs linked the two million card numbers being sold to the breach.
Concerned customers are able to identify potentially affected restaurants through a tool on the company’s website. The page details the incident and suggests next steps for customers who think they may have been affected.
Earl Enterprises has resolved the issue, but did not disclose how it did so or what type of malware was involved. Withholding these details is common after a security breach, to prevent hackers from improving the malware.
To place malware on a POS system, hackers must either physically install it on a POS device or exploit a flaw in the system’s network. The malware scrapes card data before it’s encrypted and sent to the payment processor.
Cyberthieves were selling the stolen card information on an underground site called Joker’s Stash. The site organizes stolen card information into batches by merchant, so criminals who purchased card information can return to the same batch for more numbers if successful. The ZIP code associated with the restaurant where the breach occurred helps criminals know which restaurants are supplying accurate information.
POS malware is an effective tool for stealing card information, and is especially popular for attacks on the restaurant and hospitality industry. New types of malware continue to surface, and could run for years before being detected. Some continue to work after the domain is taken down or the problem appears to have been resolved. It’s also becoming easier for smaller hacking groups to establish their own scams rather than pay for card numbers.
At IDMI.Net, we are serious about securing our customers’ data. Whether we’re hosting your e-commerce site or company email accounts, you can trust us with your sensitive information. Find out more by contacting us today.