US fast food chain Wendy’s is said to be investigating a possible major data-stealing malware campaign aimed at multiple stores.
Spokesperson Bob Bertini told security researcher Brian Krebs that the restaurant group has hired a security firm to look into reports from “payment industry contacts” that it may be a victim of a serious data breach.
“We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations,” he said.
“Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.”
Although Bertini revealed the period of time they’re looking at is late 2015, he claimed it was too early to say whether the incident had been contained or how many stores were affected.
The firm apparently has over 6,000 restaurants nationwide as well as outlets in 28 countries around the world.
If it has been attacked, it won’t be the first fast food chain to be hit by POS-related malware in recent years. Others include PF Chang’s, Dairy Queen and Jimmy John’s.
“One of the most important things to note here is that it's often a merchant bank or individual cardholder working in collaboration with a reporter (Krebs) to disclose the issue publicly. This indicates that the organizations are either withholding or, more likely, have limited or no knowledge of the breach,” explained Jonathan Cran, vice president of operations at Bugcrowd.
“Given the distributed nature of these systems, and the lack of tooling, the breaches are difficult to detect prior to exfiltration of the information. The best thing organizations like this can do is set up a public channel to accept input from researchers and banking industry professionals.”
Cran added that cyber-criminals may be rushing to collect details from magstripe cards before retailers mandate that customers only use chip and PIN (EMV) cards, which are harder to clone but are still exposed to online fraud.