Wendy’s has issued an alert, together with an apology, to its customers after suffering a major cyber-attack. The hack has affected almost one in five of its restaurants throughout the U.S. According to Wendy’s (via Restaurant News), customer credit and debit card data has been stolen via malware in payment terminals. The malware affected 1,025 U.S. franchisee-owned outlets.
Worryingly, the cyber-attack began during the autumn (fall) of 2015; it took until July 8, 2016 for Wendy’s to realize this and to issue a customer alert. BBC News describes this as the most significant hack in U.S. history
Wendy’s is, appropriately, recommending to customers that they check their credit card statements very carefully and be mindful of fraud. This is important, according to the Newser, for the hackers are likely to have obtained credit card numbers, names, expiration dates, and codes. There is also evidence that some of the stolen data has been used to make fraudulent purchases.
To aid its clientele, Wendy’s has set up a dedicated website for people to check whether a Wendy’s restaurant they visited has been affected. A message on the website states: “The restaurants listed on this site are the potentially affected locations. If you do not see a specific state / city / address that you are looking for then it is has not been identified as affected by our forensic investigation.”
As to the reason, Wendy’s has put the blame at the door of a third-party, suggesting that a “service provider” who had remote access to the till systems was either responsible or had a security flaw that became transferred to the Wendy’s till network.
The news has caused a storm on social media. For example, CBS reporter Andrew Dymburt (@DymburtNews) tweeted: “If you’ve eaten at @Wendys since last fall, there’s about a 1 in 5 chance your credi card info was stolen.”