Malware May Have Stolen 2 Million Diners' Credit Card Details

Planet Hollywood and other signs in Times Square.Planet

Planet Hollywood customers who used a credit or debit card between May 2018 and March 2019 may have had their details stolen, the parent company said.

Roberto Machado Noa/LightRocket via Getty Images

People who dined at Buca di Beppo, Earl of Sandwich, Planet Hollywood and other restaurants between May 2018 and last month may have been hit by a malware attack, parent company Earl Enterprises said.

Its statement acknowledging the breach came weeks after security researcher Brian Krebs told Italian restaurant chain Buca di Beppo that customers' credit and debit cards were being sold on the dark web, as earlier reported by Digital Trends.

"Based on the investigation, it appears that unauthorized individuals installed malicious software on some point-of-sale systems at a certain number of Earl Enterprises' restaurants," the company wrote.

That malware could have stolen card numbers, expiration dates and cardholder names from people who used them at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy, Mixology and Tequila Taqueria between May 23, 2018, and March 18, 2019.

Now playing: Watch this: Here be monsters: A guide to the dark web

2:35

Data breaches have become increasingly common. Among the bigger names impacted in 2018 were British Airways and Marriott

Krebs noted that more than 2 million payment cards may have been impacted in the 10 months that the malware remained in the restaurants' systems. Earl Enterprises says 'the incident has now been contained." People who paid for orders online through third parties need not worry, since the malware was localized.

Details of all the affected restaurants are included in Earl Enterprises' statement, and the company is urging those who think they could've been hit to review their card statements immediately for any strange charges or activity. Those who do spot something should notify the card issuer immediately.

First published at 4:34 a.m. PT.
Update at 5:08 a.m. PT: Adds more detail.