Over 2.15 million customer credit cards from Buca di Beppo, Earl of Sandwich, Planet Hollywood, Tequila Taqueria, Chicken Guy!, and Mixology were sold online. The 10-month breach ran from May 23, 2018 to March 18, 2019, and this data is currently being sold on the Dark Web.
The companies were compromised by infecting their point-of-sale (POS) terminals with malware that captured the details of a credit card and sent them to a remote server. This would only happen if your credit card was physically swiped on an infected terminal. The malicious actors did not breach any internal networks to gain access to this data; in effect, they were skimming the POS terminals.
Since the parent company, Earl Enterprises, is putting the burden of this breach on the cardholders, it is recommended that you check for any fraudulent charges on your credit cards if you visited any of these restaurants between May 23, 2018 and March 18, 2019.
You can read the full story of the data breach here -> https://krebsonsecurity.com/2019/03/a-month-after-2-million-customer-cards-sold-online-buca-di-beppo-parent-admits-breach/
You can read the notice of the data breach and which stores were affected here (on their unsecured website) -> http://www.earlenterprise.com/incident/
I think it’s about time that all credit card companies mandate the use of token-based credit card transactions and do away with swiping your card. The technology is here and ready to go… Apple Pay, Google Pay, Samsung Pay. Too many retailers have the chip readers disabled and want you to swipe.
Why? Apple will be introducing a new credit card this summer and it’s pretty much virtual. They will be giving you a physical card, but the only things on the card will be your name, the chip, and the magnetic stripe (just in case). No card number, no CVV code, and no signature.
It’s the 21st century and we are still swiping our credit cards. Maybe we should get ‘old school’ and use carbon paper again! Click, Click…
By: Paul Kumagai | Sr. Security Architect | DarkHound SecOps