
Lessons Learned #2: Earl Enterprises Data Breach

Security breaches have been a common news topic in recent years. Many organizations have suffered data security breaches that have impacted the company itself, along with its customers. This is the second blog post of our blog series on the topic of Lessons Learned. In our first article, we had a critical look at the BlackRock data breach and shared key takeaways for businesses. In this article, we review the Earl Enterprises data breach that occurred in March of 2019.


Earl Enterprises is a US-based business conglomerate and the parent company of the Italian restaurant chain Buca di Beppo. It offers entertainment, leisure, tourism, hotel, and restaurant consultancy services. On March 29, 2019, Earl Enterprises officially reported that the payment card details of customers who dined at some of its outlets were stolen. According to the details, cyber criminals planted malicious software on the point-of-sale (POS) systems, or payment card “swipers”, in restaurants owned by Earl Enterprises. The software was designed to collect payment card information such as card numbers, expiration dates, and cardholder names from the memory of an affected system.

The restaurants owned by Earl Enterprises include Planet Hollywood, Buca di Beppo, Earl of Sandwich, Chicken Guy!, Mixology, and Tequila Taqueria. Anyone who dined at any of these specified restaurants between May 23 of 2018 and March 18 of 2019 may have had their payment card information harvested by thieves.


Earl Enterprises did not reply to requests for specifics on how many customers may have been affected by this incident. Earl Enterprises advised affected customers to remain watchful, and hired two cyber security companies to conduct a thorough investigation of what went wrong and to what extent the restaurant data breach might have spread.

KrebsOnSecurity has stated that a minimum of 2 million customers’ payment card information was exposed as a result of this breach. It also turned out that all 67 Buca di Beppo locations in the United States, and the Planet Hollywood locations in Las Vegas, New York, and Orlando, were affected during this incident. Earl Enterprises recommended that customers who find any suspicious transaction immediately inform their payment card issuer.

Key takeaways for businesses

POS malware is becoming increasingly common. We think it is beneficial to first understand how a POS system works and what its vulnerabilities are.

Every POS system involves software and hardware components, which operate together to process sales and payment transactions at the time of purchase. The hardware side will differ depending on the specific business type. POS software is installed on POS hardware, and it is powered by either a local server or an internet connection. As the credit or debit card is swiped through the POS, the information stored on its magnetic strip is transmitted for processing.

Needless to say, POS systems save time by streamlining several operations through a central system and, to some extent, minimize human error through automation. Nevertheless, criminals infect these systems with malware for financial gain. Given that, we would like to share four practices you can follow to protect your POS system from being compromised.

  • Keep your POS software updated: if you run old POS software, you could be heading for trouble. Outdated systems are highly likely to contain security vulnerabilities, so consider upgrading your POS system.

  • Consider an endpoint protection product: some providers offer end-to-end protection of your POS endpoints and the network as well, stopping any comprehensive threat.

  • Deploy a firewall: some products are equipped with a firewall that offers industry-leading protection to block the latest advanced threats including ransomware, hacks, breaches, and advanced persistent threats.

  • Use chip readers: EMV technology used by chipped cards enables customers to avoid swiping. Technically, the chips in EMV cards produce a unique transaction code every time, making fraud more difficult as the payment details are hidden.
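To illustrate the chip reader point, here is an added example (not from the original article) showing why a copied chip transaction record is of little use to a thief: the issuer rejects a repeated or altered transaction code. It is a simplified model, not the EMV algorithm: HMAC-SHA256 stands in for the real cryptogram calculation, and all class names, function names, and card values are hypothetical.

```python
import hashlib
import hmac
import os

def _mac(key, pan, amount_cents, nonce_hex, atc):
    # Assumption: HMAC-SHA256 is a stand-in for the real EMV cryptogram algorithm.
    msg = f"{pan}|{amount_cents}|{nonce_hex}|{atc}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class ChipCard:
    """Toy chip: holds a secret key and a transaction counter (ATC)."""
    def __init__(self, pan, key):
        self.pan, self._key, self.atc = pan, key, 0
    def authorize(self, amount_cents, terminal_nonce):
        self.atc += 1  # every transaction gets a fresh counter value
        nonce_hex = terminal_nonce.hex()
        code = _mac(self._key, self.pan, amount_cents, nonce_hex, self.atc)
        return {"pan": self.pan, "amount_cents": amount_cents,
                "nonce": nonce_hex, "atc": self.atc, "cryptogram": code}

class Issuer:
    """Toy issuer: shares the key with the card and remembers the last ATC seen."""
    def __init__(self):
        self._keys, self._last_atc = {}, {}
    def enroll(self, pan, key):
        self._keys[pan], self._last_atc[pan] = key, 0
    def verify(self, tx):
        key = self._keys.get(tx["pan"])
        if key is None:
            return "unknown card"
        expected = _mac(key, tx["pan"], tx["amount_cents"], tx["nonce"], tx["atc"])
        if not hmac.compare_digest(expected, tx["cryptogram"]):
            return "bad cryptogram"  # any changed field invalidates the code
        if tx["atc"] <= self._last_atc[tx["pan"]]:
            return "replayed counter"  # same record presented a second time
        self._last_atc[tx["pan"]] = tx["atc"]
        return "approved"

def demo():
    pan, key = "4111111111111111", os.urandom(32)  # constructed test values
    card, issuer = ChipCard(pan, key), Issuer()
    issuer.enroll(pan, key)
    tx = card.authorize(2599, os.urandom(4))
    return {
        "first": issuer.verify(tx),
        "replay": issuer.verify(dict(tx)),  # identical record sent again
        "altered": issuer.verify(dict(tx, amount_cents=999900, atc=tx["atc"] + 1)),
        "next": issuer.verify(card.authorize(1200, os.urandom(4))),
    }
```

Data read from a magnetic strip has no such per-transaction value, which is why the same captured bytes can be reused.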

Looking for more insights like this?

Recent cases of data security breaches fill today’s headlines. All these breaches generate significant concerns for businesses. We understand that data security is proving to be increasingly difficult to manage; however, there are several measures you can take to stop a data breach from happening to your organization. If you wish to receive more critical insights on this matter, feel free to download our whitepaper, 10 Most Interesting Data Breaches in 2019: Key Takeaways for Businesses. This exclusive material shows key takeaways for 10 different data breaches that happened in 2019. Overall, it aims to help organizations manage data breaches efficiently.