Connect to Us LinkedIn Youtube RSS

Aruba, July 14, 2016 - Fast food chain Wendy’s Co. listed 17 locations in Missouri affected by a data breach in which hackers targeted customers’ credit card information. No St. Louis-area restaurants were included.
Over 1,000 Wendy’s locations were hit nationwide after malware was deployed in late fall to franchisees’ point-of-sale systems, according to a notice posted to the company website.
Hackers sought cardholder name, credit or debit card number, expiration date, cardholder verification value and service code. Wendy’s has about 5,500 locations in the U.S.
“We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyberattacks involving some Wendy’s restaurants,” President and CEO Todd Penegor said in a statement. “We have conducted a rigorous investigation to understand what has occurred and apply those learnings to further strengthen our data security measures.”
The malware has been disabled, according to Wendy’s (NASDAQ: WEN). The Ohio-based company worked with third-party forensics experts, federal law enforcement and payment card industry contacts during the investigation, the website stated. Wendy’s said it believed hackers gained access to the POS systems through a compromise of service providers’ remote access credentials. No further details were given.
Wendy’s originally reported in May that the breach was only limited to about 300 franchisee-owned restaurants. In June, the company discovered “additional malicious cyber activity involving other restaurants,” according to the notice. The Wall Street Journal reported in May that the security breach resulted in increased costs — the company’s general and administrative expenses spiked 8.2 percent to $64.6 million, including $3.7 million for professional fees and legal reserves related to the hack, for first quarter fiscal 2016. Revenue dropped 16 percent to $378.8 million, compared to the same period last year.