Breach Brief – Wendy’s
It seems that the Wendy’s data breach was worse than thought. The AACR first reported the data breach in January. Now we are seeing the real damage. Wendy’s has admitted that the data breach was first suspected of affecting only a few hundred of its restaurants. Now the truth comes out and the number is over 1,000.
Wendy’s has released a searchable list of all the restaurants affected by the breach.
Originally Wendy’s believed that only 300 of its 5,700 franchises were breached. Wendy’s notified its customers and the public in February of the breach when it discovered evidence of malware in its POS systems.
Wendy’s has issued the following statement regarding the expanding breach.
“Based on the facts known to Wendy’s at this time, the additional malware targeted the following payment card data: cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code. Please note that the cardholder verification value that may have been put at risk is not the three or four-digit value that is printed on the back or front of cards, which is sometimes used in online transactions.”
After detecting the presence of the malware Wendy’s claimed to have disabled it. Wendy’s believes that the malware attack first took place in the fall of 2015. Wendy’s also believes that it detected evidence of at least two separate malware attacks on its systems.
Customers of the fast food chain affected by the breach will receive are a year’s worth of “identity consultation” from Kroll Identity Theft Restoration if necessary. According Wendy’s “an experienced licensed investigator will work on your behalf to resolve related issues.