Wendy’s has reported that over the past several months, some Wendy’s restaurants have been the victim of malicious cyber activity targeting customers’ payment card information. The company issued a notice apologizing to anyone who has been inconvenienced and has conducted an investigation.
Wendy’s first reported unusual payment card activity affecting some restaurants in February 2016. In May, the company confirmed evidence of malware being installed on some restaurants’ point-of-sale systems, and worked to disable it. On June 9, the company discovered additional malicious cyber activity involving other restaurants. That malware has also been disabled in all franchisee restaurants where it was discovered.
“We believe that both criminal cyber attacks resulted from service providers’ remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees’ point-of-sale systems,” the company noted.
Based on the facts known to Wendy’s at this time, the additional malware targeted the following payment card data: cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code.
Wendy’s has worked with third-party forensic experts and federal law enforcement on this investigation, which is ongoing. Wendy’s has now arranged to offer fraud consultation and identity restoration services to all customers who used a payment card at a potentially affected restaurant during the time when the restaurant may have been affected.
To read more, click here.