Over 1,000 Wendy’s Restaurants Infected with Malware

July 7, 2016, Written By Bill Hardekopf

For months, Wendy’s has been vague about the number of stores affected during a five-month-long data breach. Today, the Ohio-based chain admitted that 1,025 restaurant point-of-sale systems were infected with malware.

The attack was two-pronged. The fast food restaurant first noticed unusual payment card activity in February 2016 and reported they had disabled the malware responsible for this activity in May. However, in June, the company found additional malicious activity in other restaurants and discovered a second malware attack. The company said both infections have been removed.

Hackers were able to use the malware to access the POS systems remotely to steal cardholder names, card numbers, expiration dates, verifications values, service codes and other data. The company said CVV codes were not at risk.

In May, Wendy’s said fewer than 300 (or 5%) of its restaurants had been hacked, but this was quickly questioned by security experts and credit unions, who said the reports they were receiving indicated the incident was much more severe.

Wendy’s recommends customers monitor their credit card and bank account statements for unauthorized activity. It has also arranged a complimentary year of fraud consultation support to customers who may have been affected.

The restaurant has listed affected restaurants on its website.



The information contained within this article was accurate as of July 7, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About Bill Hardekopf

Bill Hardekopf is the CEO of LowCards.com and covers the credit card industry from all perspectives. Bill has been involved with personal finance for over 15 years. He is a frequent contributor to Forbes, The Street and The Christian Science Monitor.
View all posts by Bill Hardekopf