Wendy’s Admits Data Breach Much Worse Than Previously Reported

Wendy’s Admits Data Breach Much Worse Than Previously Reported

June 13, 2016         Written By John H. Oldshue

Wendy’s announced the number of stores affected in a recent data breach is “considerably higher” than the previously reported 300 stores.

Initially, the fast food chain discovered malware on its POS system at 5% of its franchisee-owned locations. However, they have recently uncovered a variant of the first malware.

“The attackers used a remote access tool to target a point-of-sale system that, as of the May 11th announcement, the Company believed had not been affected. This malware has been discovered on some franchise restaurants’ POS systems, and the number of franchise restaurants impacted by these cybersecurity attacks is now expected to be considerably higher than the 300 restaurants already implicated,” the restaurant said in its press release.

The release said the company has disabled the malware “on all franchise restaurants where it has been discovered” and it “continues to work aggressively with its experts and federal law enforcement to continue its investigation.”

Both security expert Brian Krebs and the National Association of Federal Credit Unions have accused Wendy’s of minimizing the issue, and have said the breach could be larger than the ones that affected Target (40 million customers) and Home Depot (56 million customers).

“A number of sources in the fraud and banking community have complained to (me) that there was no way the Wendy’s breach only affected 5 percent of stores–given the volume of fraud that the banks have traced back to Wendy’s customers,” Krebs wrote.

The Ohio-based restaurant chain has more than 6,000 locations in the United States and Canada, the majority of which are owned by franchisees. Wendy’s still refuses to detail which locations were affected, or exactly how many stores were breached.

“As our investigation is active and ongoing, it is a premature for us to discuss individual restaurants or specific geographic locations impacted by this cyber-attack,” said Wendy’s spokesman Bob Bertini. “This situation does involve a considerable number of Wendy’s franchise restaurants in the U.S. and well as restaurants in Canada.”

Credit unions filed a class-action lawsuit against Wendy’s over the breach.

The information contained within this article was accurate as of June 13, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About John H. Oldshue

John Oldshue is the creator of LowCards.com. He worked for over 15 years in television and won an Emmy award for his reporting. He covers credit card rate issues for LowCards.com.
View all posts by John H. Oldshue
Featured Low Interest Card
Top Features : 1.25X miles on every purchase; no annual fee; bonus of 20,000 miles once $1,000 is spent in first 3 months
Featured Cash Back Card
Top Features : No Annual Fee, Bonus Offer, Cash Back
Featured No Annual Fee Card
Top Features : Earn cash back twice. 1% when you buy plus 1% as you pay; 0% APR for 18 months on balance transfers
Featured Bad Credit Card
Top Features : No Annual Fee; Cash Back match at the end of your first year; Social Security Alerts
Featured Fair Credit Card
Top Features : No annual fee; access to higher credit line after making first 5 monthly payments on time
Featured Limited/No Credit
Top Features : No annual fee; reports to major credit bureaus; access to higher credit line after making first 5 monthly payments on time