Wendy’s Credit Card Breach Across 300 Stores Caused by PoS Malware
Fast food chain Wendy’s has confirmed that it was a victim of a point-of-sale (PoS) system attack after its investigations found that 300 of its franchised stores were infected with malware designed to steal credit card data.
In their 2016 first quarter SEC filing, Wendy’s disclosed, “Based on the preliminary findings of the investigation and other information, the Company believes that malware, installed through the use of compromised third-party vendor credentials, affected one particular point of sale system at fewer than 300 of approximately 5,500 franchised North America Wendy's restaurants, starting in the fall of 2015.”
Wendy’s added that its primary Aloha PoS system, which is already being used at all company-owned restaurants and in a majority of franchise-operated stores, was not affected by the attack.
Wendy’s investigation was prompted by reports back in January from several credit unions and card issuers in Ohio of fraudulent payment card activities traced back to its restaurants. One credit union even estimated that it may end up with five to ten times the loss from the data breaches that affected Target and Home Depot.
Wendy’s added that it is currently working with security experts and federal law enforcement to determine the source of the malware and evaluate the extent of the attack, and it has also disabled and removed the malware in affected stores. Their ongoing investigations also revealed that around 50 of its franchised restaurants have been found to have, or are suspected of experiencing, ‘unrelated cybersecurity issues.’
Businesses like Wendy’s, along with those in retail, healthcare, hotel and tourism, are considered a goldmine for attackers due to the high volume of financial transactions taking place in those industries. Attackers use various infiltration techniques to gain entry into the PoS devices and move laterally across their networks to compromise the systems and steal sensitive payment card data. Hospitality service providers Hilton Worldwide and Starwood Hotels & Resorts, and online retailer Kohl’s, were just some of the more recent businesses hit with attacks that exposed their customers’ credit card information.
To minimize credit card fraud, more and more businesses are shifting to the use of EMV or chip-based cards, which offer better security compared to the traditional magnetic stripes embedded in the cards. EMV cards are touted to be more difficult and more expensive to counterfeit. The payment technology uses PIN-based authentication to complete payments, and also allows banks to determine if the card or transaction has been modified. Businesses are also urged to use multi-layered security solutions to defend systems from malware. Users whose payment information may have been compromised are advised to regularly monitor their accounts for any suspicious activity, and to immediately report the incident to the bank or card issuer.
Update: June 10, 2016
In its continued investigation, Wendy’s released a statement to KrebsOnSecurity reporting that the breach is now expected to be “considerably higher than the 300 restaurants already implicated”. According to the company’s spokesman Bob Bertini, part of the problem was that the breach happened in two waves—one was discovered when preliminary investigations conducted by an outside forensic team found 300 locations affected with PoS malware, and the other was when the company’s own investigators discovered a different strain of malware at some locations. Bertini declined to comments on the details of the malware strain. “The malware used by attackers is highly sophisticated in nature and extremely difficult to detect. Upon detecting the new variant of malware in recent days, the Company has already disabled it in all franchise restaurants where it has been discovered, and the Company continues to work aggressively with its experts and federal law enforcement to continue its investigations”, the statement said.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale