More Than 100 U.S. Restaurants Had Their POS Systems Compromised

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Back in January, we reported about three data dumps of credit card info that was on sale on hacking forums. One of these dumps was advertised as “perfect pure fresh”, denoting that they were the result of undisclosed breaches, and contained credit card payment account details from 40 U.S. states. Back then, no one knew where this data was acquired from, or even if the dump was really valid. As reported by “KrebsonSecurity”, the mystery has now been solved, and the credit card data derives from the activity of malware that was planted in the POS machines of restaurants owned by Earl Enterprises.

This means that the impacted restaurants are all of the 67 US-based “Buca di Beppo” Italian food branches, many of the “Planet Hollywood” restaurants that are located in Las Vegas, New York, and Orlando, and five “Earl of Sandwich” points around the country. In addition to these, the list of impacted POS terminals includes a “Tequila Taqueria” shop in Las Vegas, a “Chicken Guy!” in Disney Springs and a “Mixology” bar in Los Angeles. If you have paid with your credit card in one of the potentially affected restaurants, you should freeze your accounts immediately, as the associated data has already been on sale on the Joker’s Stash for over a month now. Moreover, you should follow the information about identity theft protection in Earl Enterprise’s official statement about the incident.

The company has not disclosed the actual number of the people who have had their information stolen, contenting themselves to characterize it “limited”. However, they did reveal what type of data the planted malware could extract, and this includes credit and debit card numbers, expiration dates, and even cardholder names. Moreover, they clarified that the customers who were most likely affected are those who have made purchases between May 23, 2018, and March 18, 2019. Those who have made online orders and paid with a card are not affected by this incident, as it only concerns POS payments.

Malicious actors and buyers of these dumps are using the data to create cloned cards and make purchases from stores. As the PINs of the cards have not been leaked, no withdrawals can be made with this information. Still, you should continue to monitor the activity of your card and quickly report any charges that you don’t recognize.

Do you trust outdated POS terminals with your card payment information? Share your thoughts in the comments section below, and don’t forget to like and subscribe on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: