2m credit cards ripped off from restaurant chain, sold on the dark web

Earl Enterprise – the owner behind a slew of US restaurant chains – confirmed on Friday that one or more hackers had installed credit card slurping malware on point-of-sale (PoS) systems at a half dozen of its restaurant brands.

The company said that potentially affected restaurants include its brands Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria. It’s set up a look-up tool at this site that lets you search for affected locations by city, state and brand.

The company said that the malware was designed to capture payment card data, which may have included credit and debit card numbers, expiration dates and, in some cases, cardholder names.

The dates of potentially affected transactions vary by location, though overall, customers who used their payment cards at the potentially affected locations between 23 May 2018 and 18 March 2019 might have been affected. The malware didn’t affect orders paid for online through third-party applications or platforms.

Earl Enterprise said that the breach has now been contained and that it’s working with two cybersecurity firms on an internal investigation, as well as with federal law enforcement. It’s working “diligently” with security experts on further remediation, it said, and plans to closely monitor its systems and take additional security measures “to help prevent something like this from happening again in the future.”

Earl Enterprise first got a heads-up about the PoS malware back in February, when security journalist Brian Krebs contacted the company to let it know that he’d found a big cache of credit and debit card numbers belonging to the company’s customers that were being sold on the Dark Web.

Krebs asked Earl Enterprises how many customers in total may have been affected by the 10-month breach, but it didn’t respond. Krebs himself reports that he found about 2.15 million payment card details in a batch of stolen cards that an underground shop was calling the “Davinci Breach.”

Krebs had reached out to the executive team at Buca di Beppo in late February after determining that most of the restaurant’s locations were likely involved in a data breach that first turned up on Joker’s Stash: an underground carding shop that regularly sells batches of freshly ripped-off payment card details.

After carders buy those payment card details, they can then put all the legitimate card details onto the fresh magnetic stripe of a blank card, thereby cloning the card and using the counterfeit card to buy high-ticket items.

That’s actually the nature of fresh charges against Max Ray Vision, a computer security consultant turned hacker who was serving what was a record-setting, 13-year prison sentence for illegal hacking when he was sent away in 2010 but who racked up even more charges from behind bars. In December, the hacker, known as the “Iceman”, was charged with allegedly using a contraband cellphone to loot debit card accounts and to then fund a drone delivery of even more contraband dropped into a Louisiana prison yard.

Check your statements!

Earl Enterprise is urging customers to check their credit and debit card statements with an eye out for fraudulent charges. You’re not responsible for fraudulent charges, but card issuers aren’t necessarily going to tug your sleeve when one gets made on your account. That’s why it’s a good habit to regularly monitor statements for suspicious activity.

If you see something wonky, don’t hesitate to report it to the card issuer. We the people are typically not held responsible for fraudulent activity – reported in a timely fashion. Don’t delay, if you don’t want to get stuck paying for somebody else’s shopping spree.