More than 1,000 Wendy’s restaurants across the United States have been affected by a debit and credit card breach.
According to WGN TV, the fast food company’s investigation of the situation has revealed that “unusual activity” may have started in October 2015, but they first found evidence in February of this year. An instance of malware was found and disabled early last month.
“The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy’s franchisee systems starting in late fall 2015,” the company said.
They’ve also discovered what information the hackers were targeting in the breaches: cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code.
As of now, there hasn’t been evidence of restaurants being directly affected. Evidence suggests remote access credentials for service providers used by Wendy’s were breached, which allowed hackers to access point-of-sale systems at more than 1,000 Wendy’s restaurants.
Wendy’s has crafted a list of Frequently Asked Questions to inform customers about the breach, and what they can do to protect their credit and debit card information if they’ve been affected by the malware attack.
The franchise is urging their customers to check card statements for any fraudulent activity, and to report it as soon as they notice an unauthorized charge.
In addition, a special webpage has been created that allows customers to input the city, state, and country (although this breach only affects the U.S.) where they may have used a card at a Wendy’s location. Searching that information will return a list of locations, if any, impacted in the area and the dates when data may have been compromised.
Wendy’s Company President & CEO Todd Penegor issued an official statement:
We are committed to protecting our customers and keeping them informed. We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyber attacks involving some Wendy’s restaurants. We have conducted a rigorous investigation to understand what has occurred and apply those learnings to further strengthen our data security measures.
Wendy’s isn’t the first organization to face this issue.
Hard Rock Hotel & Casino in Las Vegas notified customers of a malware attack on their point-of-sale systems as well, as SC Magazine reported.
Customers found fraudulent charges on cards they’d used at the casino, prompting Hard Rock to launch an investigation in May. Cards used there between October 27, 2015, and March 21, 2016, were at risk. The hack targeted customer names, credit or debit card numbers, expiration dates, and CVVs (the three- or four-digit number located on the front or back of the card).
As CNN reported, Target dealt with a credit card hack affecting 40 million customers in 2013. The retailer was met with a barrage of criticism from politicians and customers, who insisted that the store failed to implement proper security procedures and were to blame for the incident.
This hack targeted the same card data as in the Hard Rock Hotel & Casino case.
Zack Forsyth of Comodo, a cyber security firm, said that popular chain locations are the perfect target for malware attacks. To make things worse, the attacks are usually only found after the data has been stolen, and that will only change if these retailers upgrade their technology.
“It’s a harsh reality that the technology some organizations use today is as effective as installing a home security system that alerts you to a break-in after the robbers have already stolen everything, vandalized the house and left,” Forsyth said.
More than 1,000 Wendy’s locations have been affected this time around, and if the security technology really is so outdated, customers may have to prepare themselves for bigger breaches in the future.
[Image via Ken Wolter / Shutterstock.com]