In this article:
If you dined at any Buca di Beppo, Planet Hollywood, Earl of Sandwich, Chicken Guy!, Mixology or Tequila Taqueria restaurants between May 23, 2018, and March 18, 2019, your credit card or debit card information may have been compromised.
Earl Enterprises, the chain restaurants' parent company, recently confirmed the data breach after security researchers discovered more than 2 million credit card numbers from the company's customers being sold online.
What Happened?
On February 21, 2019, security researchers from KrebsonSecurity contacted Buca di Beppo with evidence that stolen credit card and debit card numbers from the restaurant's customers were being sold online. After an internal investigation, Earl Enterprises announced that cyber criminals had installed malware on its point-of-sale systems in various restaurant locations in the United States. About 100 restaurants were affected, ZDNet reports.
The malware allowed thieves to access payment information from debit and credit cards used in person at restaurants around the country. Potentially breached data includes card numbers, expiration dates and, in some cases, cardholder names. The company says that orders placed online were not impacted.
According to Earl Enterprises, the breach has been contained and the company is working with security experts to review its systems and implement additional security measures.
What If I've Eaten at One of These Restaurants?
To find out if a restaurant you've dined at has been affected, use the Earl Enterprises online tool. You can search by state, city and restaurant. You should also carefully review your debit and credit card statements for any suspicious charges or activity. If you do see charges you don't recognize, report them to your issuer immediately.
If you think your card information could have been impacted, there are some steps you can take to protect yourself going forward:
1. Update Your Debit and Credit Card Numbers
If you know what debit or credit card you used at an Earl Enterprises restaurant, call the issuer of that card to request a new account number. Simply explain that you want a new account number and PIN because you're afraid your data has been compromised; they will issue you new cards at no cost. You won't want to delay—this information can be sold and used quickly on the dark web. And even if your data has not been used by cyber criminals yet, it could be at a later date.
2. Monitor Your Account Activity
Keep an eye on your accounts for suspicious activity. Don't just blindly pay off your bills each month—be sure to eyeball your statements to make sure there aren't any unauthorized charges. You can also set up text and email alerts on your credit and debit accounts notifying you when they are used, which will update you in real time if there's an unauthorized purchase.
Be sure to report fraudulent charges immediately. You're not liable for fraudulent credit card transactions, but waiting too long to report a fraudulent debit card charge could leave you on the hook for up to $500.
3. Check Your Credit Reports
If you're concerned about your personally identifiable information being out there, you should check your free Experian credit report for errors or suspicious accounts. Run a free dark web scan as well to find out if information like your Social Security number, phone number or email addresses are on the dark web.
4. Amp Up Your Identity Protection
You may also consider filing a free initial fraud alert on your credit file that remains active for one year through the Experian fraud center. (File it with one of the three national credit bureaus—Experian, TransUnion or Equifax—and you're good to go because the bureaus will share such alerts with their counterparts.) The fraud alert notifies lenders pulling your credit report to take extra steps to verify your identity—a measure that can frustrate and dissuade identity thieves.
However, fraud alerts do not block access to your credit reports. One way to do that is to freeze your credit reports, a free measure that prevents lenders from issuing new credit in your name altogether.
Another way to protect yourself is through Experian CreditLock, a benefit offered by Experian's CreditWorksSM and IdentityWorksSM products, which:
- Allows you to easily lock or unlock your report in real time, with no waiting period.
- Provides daily monitoring of your credit file, which means you will be alerted about any key changes, including new account openings.
- Provides up to $1 million in identity theft insurance: If you become a victim of identity theft, you can be covered for the unreimbursed costs of restoring your identity, like fraudulent electronic fund transfers, lost wages, legal fees and travel expenses.
- Gives you access to your Experian credit report and FICO® Score☉ , along with all the other benefits of Experian membership, such as dark web monitoring, which lets you know if your information is found on the dark web.
While it's nearly impossible to completely protect yourself from data breaches these days, taking steps to guard your identity going forward may put you in better shape for the next security breach announcement.