Go to:

July 2018
< Jun Aug >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Wendy's Data Breach Affects Franchises in Arkansas, Oklahoma, and Texas
Monday, July 11, 2016 6:45 AM

As you already know, some of Wendy's restaurants have been the victim of malicious cyber activity targeting customers’ payment card information. Included in the breach are franchises in Arkansas, Oklahoma, and Texas.

Wendy's reports that they have conducted a rigorous investigation to understand what happened. Wendy’s first reported unusual payment card activity affecting some restaurants in February 2016 and, in May, confirmed evidence of malware on some restaurants’ point-of-sale systems. Their press releases report that they had worked with their investigators to disable the POS systems. 

Then on June 9, Wendy's reported the discovery of additional malicious cyber activity involving other restaurants. That malware has also been disabled in all franchisee restaurants where it has been discovered. They believe that both criminal cyberattacks resulted from service providers’ remote access credentials being compromised, allowing access and the ability to deploy malware to some franchisees’ point-of-sale systems.

Read Wendy’s latest press release distributed on July 7, 2016.

Based on the facts known to Wendy’s at this time, the additional malware targeted the following payment card data: cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code.  Please note that the cardholder verification value that may have been put at risk is not the three or four digit value that is printed on the back or front of cards, which is sometimes used in online transactions. 

Access a list of potentially affected restaurants and relevant timeframes for each location.