UPDATED 22:17 EDT / APRIL 01 2019

SECURITY

2M+ customer records stolen in hack of Planet Hollywood’s parent company

Earl Enterprises Inc., the company behind Planet Hollywood and other restaurant chains, has admitted that customer data, including credit card details, has been stolen from its point-of-sale network.

First detailed by KrebsOnSecurity on Friday, the hack was discovered after a database of credit and debit card details belonging to the company’s customers was found for sale in February on the darknet, a shady part of the internet reachable with special software.

The data is said to have dated back 10 months, with Earl Enterprises subsequently confirming that the data related to a period between May 23, 2018 and March 18, 2019.

“The incident has now been contained and the company continues to work diligently with security experts on further remediation efforts,” the company said in a statement. “As part of the investigation, we have been in contact with federal law enforcement officials and are cooperating with them.”

In what has become far too common, the hack involved the insertion of malware into the company’s POS network to intercept and steal payment data. What isn’t clear is whether the infection first came via a POS terminal or at the network level.

Some 67 Buca di Beppo restaurants in the U.S. were affected by the hack, along with a handful of Earl of Sandwich stores. Planet Hollywood locations in Las Vegas, New York City and Orlando were also infected, as were Tequila Taqueria in Las Vegas, Chicken Guy! in Disney Springs, Florida, and Mixology in Los Angeles. Earl Enterprises is encouraging customers to review accounts and credit reports.

Francis Dinha, chief executive officer of OpenVPN Inc., told SiliconANGLE that point-of-sale systems are particularly attractive to hackers because they can net a big payoff with little work.

“These systems contain some of the most valuable information out there — financial, business, and credit — which is incredibly lucrative for hackers,” Dinha explained. “Especially considering that, often, a hacker need only break through a single point of vulnerability on a POS system in order to access an expansive trove of data.”

Dinha noted that POS systems often come with a lot of vulnerabilities, in large part because they’re infrequently updated.

“Many companies avoid updating their POS systems to avoid the hassle, which leaves those systems unpatched and exposed to attacks,” Dinha said. “Plus, POS systems are often connected to a weak network — that is, they’re often connected to the same network that all your other applications are on.”

