Wendy’s Reports 5% of Restaurants Breached
Wendy’s announced a potential data breach in January, but it was not until last week that the restaurant chain confirmed 300 of its 5,500 franchised stores were attacked.
The company assures customers the malware has been removed from all of its point-of-sale systems.
In its first quarter financial statement, the fast food chain said they have “worked aggressively with its investigator to identify the source of the malware and quantify the extent of the malicious cyber-attacks, and has disabled and eradicated the malware in affected restaurants. The Company continues to work through a defined process with the payment card brands, its investigator and federal law enforcement authorities to complete the investigation.
“Based upon the investigation to date, approximately 50 franchise restaurants are suspected of experiencing, or have been found to have, unrelated cybersecurity issues. The Company and affected franchisees are working to verify and resolve these issues.”
Consumers and financial institutions have already filed lawsuits against the restaurant chain over the breach. Many banks and credit unions said Wendy’s locations were leaking consumer data for at least five months.
“Our ongoing investigation into unusual payment card activity at some Wendy’s restaurants is being led by a third party PFI and is proceeding as expeditiously as possible,” the company reported in their quarterly financial statement. “As you are aware, our investigator is required to follow certain protocols in this type of comprehensive investigation and this takes time. Adding to the complexity is the fact that most Wendy’s restaurants are owned and operated by independent franchisees.”