Cyber Incident Victim: Earl Enterprises

In May 2018, Earl Enterprises discovered a payment card data breach affecting multiple restaurant brands under its ownership, including Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, and Tequila Taqueria. Attackers deployed point-of-sale (PoS) malware designed to capture payment card numbers, expiration dates, and cardholder names from compromised systems. The breach persisted for approximately 10 months, with unauthorized access occurring between May 23, 2018, and March 2019. Forensic investigations confirmed that nearly all Buca di Beppo locations across the United States were compromised, along with numerous locations of the other affected brands. The malware specifically targeted PoS systems at restaurant premises, though Planet Hollywood hotels, Bertucci’s stores, Seaside on the Pier, and Café Hollywood locations were explicitly excluded from the impact. International operations remained unaffected.

Earl Enterprises initiated an investigation after external notification of suspicious activity, engaging two cybersecurity firms and federal law enforcement. The company issued a public breach notification acknowledging the theft of payment card data from a "limited number of guests" and provided guidance to affected customers regarding protective measures. While the exact volume of stolen records was not disclosed, the compromise exposed sensitive financial information across dozens of U.S. locations. No evidence confirmed misuse of the data at the time of disclosure, but the incident necessitated widespread fraud monitoring for impacted individuals. The company emphasized ongoing efforts to enhance security protocols but did not specify technical containment measures or malware attribution in available disclosures.