Credit Card Data Breach at Arby’s

February 9, 2017, Written By Bill Hardekopf

Fast food chain Arby’s has been hit with a security breach that may have compromised at least 355,000 debit and credit cards.

Arby’s has confirmed the breach with Brian Krebs of KrebsOnSecurity. It is believed the breach could have affected hundreds of stores, though Arby’s has not yet commented on how long the payment systems were compromised. The PSCU, a servicing company for credit unions, said it is likely the breach happened between October 25 and January 19.

Krebs initially learned of the possible breach when six banks and credit unions independently contacted him to ask if he had heard anything about a breach at Arby’s. When Krebs reached out to the chain, they confirmed they had dealt with a breach involving malicious software installed on the payment card systems at hundreds of restaurants.

An Arby’s spokesperson said they had been notified in mid-January about the breach by some of their industry partners, but they had not released details to the public at the behest of the FBI.

“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems,” the company said in a written statement to KrebsOnSecurity. “Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts, including Mandiant,” their statement continued. “While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”

The malware had been placed on corporate stores, so Arby’s franchised restaurants should not be impacted. Of the 3,330 Arby’s stores across the country, about one-third are corporate-owned.

This attack was similar to the ones that struck Target and Home Depot. The attackers installed malware on the payment systems, which allowed them to remotely steal data from every debit or credit card that was swiped. Criminals are able to access the payment network through the account of someone who has legitimate access. Generally, the authorized user’s login credentials are stolen through a phishing email. Once the hacker gets into the payment network, every payment terminal linked to the system is infected.

Arby’s has advised customers to keep an eye on their payment card account statements and report unauthorized activity immediately.



The information contained within this article was accurate as of February 9, 2017. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.