It has been reported that Earl Enterprises, the parent company of Planet Hollywood, has confirmed a cyber attack against its point-of-sale (PoS) systems, with 2.15 million credit card details discovered on the dark web. The PoS systems were infected by malware which extracted sensitive data, including card numbers, customer names, and expiration dates, over a 10-month period.
RT SonicWall "Earl Enterprises, the parent company of restaurants like Planet Hollywood, has confirmed that it experienced a data #breach after researchers found more than 2 million stolen credit card numbers being sold online. via TheVerge https://t.co/0RWcqLgJxi #cybersecurit…
— Loophold (@loophold) April 1, 2019
Expert Comments Below:
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies
“Point of Sales terminals are often an overlooked area of payment infrastructure. If an attacker is able to gain access to a single POS on the network, it is often possible to infect the entire network of terminals, as is the case in Saks Fifth Avenue last year; 5 million credit and debit card numbers were stolen from their systems, a breach originating from a phishing email.
“As consumers, there are steps that we can take to protect ourselves against fraud. If you are paying using your debit or credit card, it’s generally better to pay with a credit card as you are entitled to better protection over purchases. It’s also a good idea to enable SMS notifications for your account so that you receive visual confirmation for the purchases that you make. If your bank account allows you to set transaction limits, enable this feature as well. If you notice any suspicious transactions, inform your bank immediately and block the card.”
Ryan Wilk, VP at NuData Security:
“The 2 million cards on sale on the dark web would indicate this was a very successful project for the cybercriminals involved, and one which is likely to be incredibly profitable. POS-malware breaches happen in the US with alarming regularity, and businesses should be well aware that they need to not only protect their central networks but also need to account for physical locations as well. For those affected, they should keep an eye on their bank accounts for any unusual activity. Moving forward, financial institutions should consider implementing a system of two-factor authentication in conjunction with a passive biometric solution in order to mitigate the entirely avoidable outcomes of security incidents such as this.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.