Investigation At Wendy’s Turns Up Malware, Payment Breach At 300 Restaurants

Image courtesy of JeepersMedia

Remember the suspected payment data breach at Wendy’s restaurants from earlier this year, which resulted in a class action lawsuit almost right away? It took a few months, but Wendy’s has confirmed that they did experience a breach dating back to fall 2015, and they’ve now fixed the underlying problem, which affected an estimated 5% of their restaurants.

If you were wondering, there are a total of 5,500 Wendy’s restaurants in North America, most of which are franchisees. In a statement sent to Krebs on Security, the blog that first uncovered the breach back in January, the company explained that the malware affected point-of-sale systems at some franchisees, but has been disabled and the breach is now over.

What the company has made public is that the investigation found that about 300 restaurants were compromised, with people in the banking industry grumbling to Brian Krebs about the extent of this breach and how long it took to investigate and shut down. While 300 stores is a relatively small number, the number of people who pass through the busiest fast food restaurants can mean a huge number of cards compromised.

Krebs cites both the known malware breach, and another, separate malware attack hit point-of-sale systems in about 50 franchised restaurants

Wendy’s: Breach Affected 5% of Restaurants [Krebs on Security]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.