Subscribe

Wendy's: Hackers stole credit card data from more than 1,000 restaurants

Wendy's announced Saturday that the hack had reached more stores and used different technology than previously believed.

  • close
    A Wendy's sign and logo are shown at one of the company's restaurant in Encinitas, California May 10, 2016. The company announced Saturday that hackers had access to credit card numbers, names, expiration dates, and codes for credit cards used at Wendy's restaurants since fall 2015.
    Mike Blake/Reuters/File
    View Caption
  • About video ads
    View Caption
of

Wendy's recently announced that hackers were able to steal customers' credit and debit card information at 1,025 of its U.S. restaurants, far more than it originally thought.

Wendy's first reported unusual payment card activity affecting some franchise-owned restaurants in February 2016. On Saturday, the company reported that an additional malware variant had been identified and disabled.

The hamburger chain said hackers have had access to card numbers, names, expiration dates, and codes on the card, since late fall. 

Recommended:Opinion 4 ways US can boost cyber security

"We are committed to protecting our customers and keeping them informed. We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyberattacks involving some Wendy's restaurants," said Todd Penegor, president and chief executive officer, in a statement.

The Dublin, Ohio, company first announced it was investigating a possible hack in January. In May, it said malware was found in fewer than 300 restaurants. About a month later, it said two types of malware were found and the number of restaurants affected was "considerably higher."

There are more than 5,700 Wendy's restaurants in the U.S.

The fast-food chain encouraged customers to watch for unauthorized charges on their cards. Generally, if you report unauthorized charges in a timely manner to the bank or credit card company that issued your card, you are not responsible for those charges.

In a corporate statement, Wendy's said the criminal cyberattacks resulted from service providers' remote access credentials being compromised, allowing access – and the ability to deploy malware – to some franchisees' point-of-sale systems.

According to the company, the malware was first deployed in late fall 2015 and it was disabled by early spring 2016. 

Customers can see which locations were affected through the Wendy's website. The company said it is offering free one-year credit monitoring to people who paid with a card at any of those restaurants.

Mr. Penegor said, "We have conducted a rigorous investigation to understand what has occurred and apply those learnings to further strengthen our data security measures."

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK