On Tuesday, cybersecurity expert Brian Krebs wrote that he’d been hearing reports for weeks that DQ customer payment data had been compromised by hackers, but couldn’t confirm these rumors. Then his bank sources began telling him they had detected a pattern of fraud on cards that had all recently been used at Dairy Queen stores in several states.
At the time, a rep for DQ HQ in Minnesota said the company had received no reports of data breaches from its stores. But DQ locations are almost all franchised, and the company inexplicably has no policy requiring that franchisees alert HQ in the event of a security breach or problem with their card processing systems.
But last night, DQ HQ admitted to the Minneapolis Star-Tribune that “customer data at a limited number of stores may be at risk.”
“We are gathering information from a number of sources, including law enforcement, credit card companies and processors,” said the company in a statement that doesn’t reveal the number of stores or locations involved.