SECURITY
SECURITY
SECURITY
2M+ customer records stolen in hack of Planet Hollywood’s parent company
Earl Enterprises Inc., the company behind Planet Hollywood and other restaurant chains, has admitted that customer data, including credit card details, has been stolen from its point of sales network.
Detailed first by KrebsOnSecurity Friday, the hack was discovered after a database with credit and debit card details belonging to the company’s customers was found in February being sold on the darknet, a shady part of the internet reachable with special software.
The data is said to have dated back 10 months, with Earl Enterprises subsequently confirming that the data related to a period between May 23, 2018 and March 18, 2019.
“The incident has now been contained and the company continues to work diligently with security experts on further remediation efforts,” the company said in a statement. “As part of the investigation, we have been in contact with federal law enforcement officials and are cooperating with them.”
In what has become far too common, the hack involved the insertion of malware into the company’s POS network to intercept and steal payment data. What isn’t clear is whether the infection first came via a POS terminal or at the network level.
Some 67 Buca di Beppo restaurants in the U.S. were affected by the hack, along with a handful of Earl of Sandwich stores. Planet Hollywood locations in Las Vegas, New York City and Orlando were also infected as well as Tequila Taqueria in Las Vegas, Chicken Guy! in Disney Springs, Florida, and Mixology in Los Angeles. Earl Enterprises is encouraging customers to review accounts and credit reports.
Francis Dinha, chief executive officer of OpenVPN Inc., told SiliconANGLE that point-of-sale systems are particularly attractive to hackers because they can net a big payoff with little work.
“These systems contain some of the most valuable information out there — financial, business, and credit — which is incredibly lucrative for hackers,” Dinha explained. “Especially considering that, often, a hacker need only break through a single point of vulnerability on a POS system in order to access an expansive trove of data.”
Dinha noted that POS systems often come with a lot of vulnerabilities, in a large part because they’re infrequently updated.
“Many companies avoiding updating their POS systems to avoid the hassle, which leaves those systems unpatched and exposed to attacks,” Dinha said. “Plus, POS systems are often connected to a weak network — that is, they’re often connected to the same network that all your other applications are on.”
Photo: Loadmaster/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
