Fast food chain Wendy’s has confirmed a credit card breach induced by a malware compromising its point-of-sale systems, has impacted over 1,000 outlets, rather than initial estimates of 300 restaurants.
On June 9, 2016, fast-food restaurant chain Wendy’s had admitted that the number of franchise outlets affected by a point-of-sale compromising malware attack was “considerably higher” than the 300 restaurants believed to be targeted.
Preliminary findings had Wendy’s reveal in early May that the malware had been discovered on the point-of-sale systems of counters at less than 300 franchised Wendy’s outlets in North America. At the time, 50 additional franchise outlets were also suspected of being targets in the sweeping compromise, prompting its management to continue its investigation.
In a statement released yesterday, Wendy’s stated:
As we have reported over the past several months, unfortunately, some Wendy’s restaurants have been the victim of malicious cyber activity targeting customers’ payment card information.
We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyberattacks.
Wendy’s insists that the malware since been disabled at all impacted franchisee outlets. Still, the damage is already done, with the likelihood of identity theft and credit card fraud now rife with possibility.
Wendy’s also points to multiple attempts to compromise its systems, both of which were successfully orchestrated by malicious attackers.
As part of the ongoing investigation that has been underway, Wendy’s discovered a variant of the malware, similar in nature to the original, but different in its execution affecting additional franchise locations.
We believe this series of cybersecurity attacks resulted from certain service providers’ remote access credentials being compromised, allowing access to the POS system.
The management recommends that Wendy’s customers monitor and review credit card account statements to look for unauthorized activity. The management has arranged for a year’s worth of fraud consultation and identity restoration services for all customers who used a payment card at impacted restaurants.
Featured image from Shutterstock.