Planet Hollywood Owner Suffers Major POS Data Breach (Apr 1, 2019)
Earl Enterprises, the parent company of several restaurants including Planet Hollywood and Buca di Beppo, announced that they have suffered a data breach. The company stated that their Point-of-Sales system was affected and that customer payment card data was breached for over 10 months between May 23, 2018, and March 18, 2019. Allegedly, online orders and transactions conducted via third-party applications or platforms were not affected. At the time of this writing, it is unclear how many customers have been affected, but it is suspected to be over two million. Many of the breached card credentials were discovered on the card forum, "Joker's Stash."
Recommendation: Customer-facing companies that store credit card data must actively defend against Point-of-Sale (POS) threats and stay on top of industry compliance requirements and regulations. All POS networks should be aggressively monitored for these types of threats. In the case of infection, the affected networks should be repopulated. The exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measures to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applying for financial services from taking place by actors using stolen data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.