Earl Enterprises restaurants fall victim to massive data breach.

On March 29, 2019, Earl Enterprises, the parent company of restaurants Buca di Beppo, Planet Hollywood, Earl of Sandwich, and others, reported that payment card details of users who dined at some of its outlets were stolen. Hackers planted malware in its point-of-sale systems to harvest payment card data. The stolen data includes personal and financial information such as credit and debit card numbers, expiration dates and, in some cases, cardholder names.

The incident.

The security breach affected customers who used their credit or debit cards at any of the six impacted restaurants—Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, and Tequila Taqueria—between May 23, 2018 and March 19, 2019. Customers who paid online for orders through third-party applications were not affected by this incident.

Earl Enterprises released a data breach notice on its website, which also provided a way for customers to check if they ate at an affected restaurant.

What did they do?

According to a report on KrebsOnSecurity, investigative journalist Brian Krebs discovered evidence in February that payment card numbers stolen from Earl Enterprises were being sold on the dark web. The team immediately notified Earl Enterprises. The restaurant chain hired two cybersecurity firms to conduct a thorough investigation. They are also planning to monitor their systems closely and take additional security measures to prevent similar incidents in the future. Earl Enterprises has notified law enforcement and advised affected customers to remain watchful and inspect their card statements for any suspicious activity.

Threats are everywhere, and it's important for your business to be prepared for such incidents. If you want to avoid disasters like these and stay out of the news for the wrong reasons, investing in a good SIEM solution is the key. Download ManageEngine Log360 to combat internal and external security attacks.

Here's how ManageEngine can help.

Log360, our comprehensive security information and event management (SIEM) solution, can help your organization by:

  • Alerting security teams in real time about events that require their immediate attention, such as network attacks, unauthorized access attempts to files or folders, security group membership changes, and account lockouts.
  • Detecting unauthorized network access attempts with its built-in Structured Threat Information eXpression (STIX/TAXII) feeds processor. Log360 also has a global IP threat database that can instantly detect known malicious traffic passing through the network as well as outbound connections to malicious domains and callback servers. The global IP threat database contains more than 600 million blacklisted IP addresses that are collected from trusted open sources and updated daily.
  • Finding potential insider threats with the user and entity behavior analytics engine, which creates a baseline of normal activities that are specific to each user and notifies security personnel instantly when there's a deviation from this norm. Rather than using static threshold values, this tool employs a combination of data analytics and machine learning to define dynamic thresholds based on real-world user behavior.
  • Obtaining important forensic information about incidents. The collected logs can be securely archived to help prove adherence to compliance standards and reduce potential legal penalties during investigations.
  • Automatically raising incidents as tickets to the designated administrator in ServiceDesk Plus, JIRA, Zendesk, Kayako, or ServiceNow to create an incident resolution process that's swift and accountable.
  • Fulfilling GDPR requirements by detecting data breaches and generating an incident analysis report that provides information on a breach's impact with the help of the real-time correlation engine.

Download a free trial of Log360 to see the tool in action for yourself.


© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.