Avast Blog_Security News: Data breach affects Planet Hollywood, Buca di Beppo custome

[harlan4096]

2 million credit and debit cards available on the dark web for weeks.

Earl Enterprises — the parent company of famed Planet Hollywood and Buca di Beppo restaurant chains — last week admitted to suffering a payment card data breach over a 10-month period.

Unauthorized individuals had installed a point-of-sale (POS) malware designed to steal over 2.15 million credit and debit card numbers, expiration dates, and, in some cases, cardholder names from the memory of an infected system.

The Florida-based company said the security breach affected guests who dined at various locations of Planet Hollywood, Buca di Beppo, Earl of Sandwich, Chicken Guy, Mixology, or Tequila Taqueria restaurants between May 23, 2018 and March 18, 2019.

Earl Enterprises reportedly knew about a data breach but only revealed it at the end of March 2019.

“In the last 3 years, U.S. hotels and restaurants have been heavily targeted by point-of-sale malware. These POS terminals are just computers, and are easily susceptible to attacks if they’re not properly protected,” comments Luis Corrons, Avast security evangelist. “As hoteliers and retailers expand into various territories, it’s common for their infrastructure and devices to be managed remotely. Attackers will use phishing techniques to obtain credentials, therefore compromising a number of POS terminals in an automated way.”

Orders paid online using third-party apps or platforms, and made at Earl Enterprises’ other chains (Bertucci’s, Café Hollywood and Seaside on the Pier), are not affected.

The discovery

Two million credit and debit card numbers belonging to the company’s customers were found being marketed and sold on the dark web in February 2019. Buca di Beppo was first notified about the breach, but it wasn’t until a month later that Earl Enterprises announced it had rectified a 10-month breach of its payment systems across dozens of its restaurants.

While the hospitality firm did not respond to specific requests about how many customers in total may have been affected, Earl Enterprises directed concerned customers to an online tool to look up if a location they had visited was one of the potentially affected restaurants.

According to Earl Enterprises, it launched an internal investigation and is working with federal law enforcement officials on the matter.

About the malware

Hackers have many tactics up their sleeves to spread malware. But when it comes to placing POS malware, cybercriminals can do one of two things. Typically, they would physically alter a POS device or exploit a vulnerability over the target’s network (such as a retailers’ use of default credentials on remote administration utilities). Once compromised, bad actors can breach POS systems and plant malware in seconds.

POS malware remains a powerful tool to exfiltrate data and, in this case, as a memory grabber to harvest credit and debit card numbers, expiration dates, and cardholder names.

Continue Reading