Wendy’s Has Another Update On Their Payment Breach, Knows What Data Was Taken

Image courtesy of Nicholas Eckhart

As you may remember, earlier this summer, fast food and salad experience restaurant Wendy’s confirmed that “considerably more” than 300 of its stores fell victim to a malware attack starting in late 2015. Now, the fast food giant is spilling the chili beans on what customer information the hackers took. They extracted cardholder names, credit and debit card numbers, and card expiration dates.

Wendy’s has been investigating a possible breach in its franchisees’ point of sale systems since January, first finding malware in some older systems in around 5% of their franchised restaurants, or 300 locations, and later updated the figure to more than 300. That means that the figure is somewhere between 301 and 5,700. Wendy’s says that 1,025 of their franchised restaurants were affected.

Clicking on a link that is supposed to lead to a list of restaurants that “may have been impacted by these attacks” instead takes users to this rather useless dialog box.


Update: The list of affected restaurants is now live, and you can search it here.

The update on Thursday did let customers know what data of theirs may have been taken. Wendy’s provided an update on its investigation of “unusual payment card activity,” explaining how the company plans to prevent future issues and providing details of how victims can enroll in identity theft protection if that interests them.

If you were affected or think that you may have been affected, you can call Wendy’s with any questions that you might have at 888-846-9467, or e-mail them at PaymentCardUpdate@wendys.com.

Updates Related to Investigation of Unusual Payment Card Activity at Wendy’s [Wendy’s]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.