Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

PoS systems infected in 1 in 20 Wendy’s stores, credit card exposed

The hack suffered by Wendy’s fast-food chain was bigger than thought, payment card data exposed in more than 1000 stores. The hack suffered by Wendy’s fast-food chain was bigger than thought and exposed sensitive information, including credit card data. Roughly one on three Wendy’s burger was hacked, a malware has infected PoS systems. Just after the […]

PoS systems infected in 1 in 20 Wendy’s stores, credit card exposed

The hack suffered by Wendy’s fast-food chain was bigger than thought, payment card data exposed in more than 1000 stores.

The hack suffered by Wendy’s fast-food chain was bigger than thought and exposed sensitive information, including credit card data.

Roughly one on three Wendy’s burger was hacked, a malware has infected PoS systems. Just after the hack, the experts speculated that 300 restaurants were impacted, unfortunately, it seems that roughly 2,025 outlets were compromised.

“As we have reported over the past several months, unfortunately, some Wendy’s restaurants have been the victim of malicious cyber activity targeting customers’ payment card information. ” said Todd Penegor President and CEO, The Wendy’s Company

The data breach was first spotted in January when suspicious transactions were detected by financial institutions, it is likely that the original compromise occurred in 2015.

Fraudsters operated until May when Wendy’s company confirmed that PoS systems at 300 restaurants were infected with a PoS malware.

Wendy's logo

Attackers used a malicious code that was able to steal payment card data from PoS systems.

“Wendy’s first reported unusual payment card activity affecting some restaurants in February 2016. In May, we confirmed that we had found evidence of malware being installed on some restaurants’ point-of-sale systems, and had worked with our investigator to disable it.  On June 9th, we reported that we had discovered additional malicious cyber activity involving other restaurants.  That malware has also been disabled in all franchisee restaurants where it has been discovered.” added Penegor.

A particular caught my attention, since Wendy’s has started the investigation the malware used to compromise the PoS systems in the stores evolved, and a new variant was detected by the experts while infecting restaurants of the chain.

“As part of the ongoing investigation that has been underway, Wendy’s discovered a variant of the malware – similar in nature to the original but different in its execution – affecting additional franchise locations.” reads the statement issued by Wendy. “We believe this series of cybersecurity attacks resulted from certain service providers’ remote access credentials being compromised, allowing access to the POS system.”

The company is still investigating with law enforcement and actors in the payment industry contacts. It seems that Wendy’s firm has successfully removed the malware from its systems.

To discover which stores have been hacked, use the service deployed by Wendy’s company.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Wendy’s, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]