Over 1,000 Wendy’s Restaurants Infected with Malware
For months, Wendy’s has been vague about the number of stores affected during a five-month-long data breach. Today, the Ohio-based chain admitted that 1,025 restaurant point-of-sale systems were infected with malware.
The attack was two-pronged. The fast food restaurant first noticed unusual payment card activity in February 2016 and reported they had disabled the malware responsible for this activity in May. However, in June, the company found additional malicious activity in other restaurants and discovered a second malware attack. The company said both infections have been removed.
Hackers were able to use the malware to access the POS systems remotely to steal cardholder names, card numbers, expiration dates, verifications values, service codes and other data. The company said CVV codes were not at risk.
In May, Wendy’s said fewer than 300 (or 5%) of its restaurants had been hacked, but this was quickly questioned by security experts and credit unions, who said the reports they were receiving indicated the incident was much more severe.
Wendy’s recommends customers monitor their credit card and bank account statements for unauthorized activity. It has also arranged a complimentary year of fraud consultation support to customers who may have been affected.
The restaurant has listed affected restaurants on its website.