Skip to main content

Clogged arteries and compromised credit cards could come from eating at Arby's

arbys hack screen shot 2017 02 09 at 2 42 14 pm
Image used with permission by copyright holder
The biggest danger associated with fast food isn’t clogged arteries — apparently, it’s compromised credit card data. On Thursday, security blog KrebsOnSecurity reported that Arby’s had “recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.” That’s right — if you’ve eaten a roast beef sandwich from the chain recently, you may want to check your credit card statements.

“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems,” the company said in a written statement provided to KrebsOnSecurity. “Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts,” the statement continued. “While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”

According to Arby’s, malware was placed on payment systems within Arby’s corporate stores, but franchised restaurants were not impacted. About a third of Arby’s 3,300 U.S. stores are corporate-owned, but details have yet to be released around exactly which locations were impacted by the breach.

“Although there are over 1,000 corporate Arby’s restaurants, not all of the corporate restaurants were affected,” Christopher Fuller, Arby’s senior vice president of communications, told KrebsOnSecurity. “But this is the most important point: That we have fully contained and eradicated the malware that was on our point-of-sale systems.”

The fast-food chain has yet to reveal how long the malware remained active on corporate payment systems, though it is estimated that it was effective between October 25, 2016 and January 19, 2017.

So what to be done? While you’re not liable for any fraudulent charges that may hit your credit or debit cards, you’ll still need to be vigilant about reporting these transactions. That means that you’ll have to keep close watch on your statements. We’ll update you with any additional information as it becomes available.

Editors' Recommendations

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
How Coinbase stopped the Twitter Bitcoin hack from being even worse
twitter and laptop hacked

The hackers behind last week's massive Twitter security breach made off with more than $100,000 through their Bitcoin giveaway scam. But it could have been much worse.

Quick responses from Twitter and Bitcoin exchanges like Coinbase reportedly kept a combined $300,000 away from the hackers' pockets.

Read more
Wawa data breach: Hacker is selling 30 million credit cards on the dark web
wallet with cash and cards

Credit card data from a security breach that affected an East Coast convenience store chain last year was discovered being sold in the corners of the dark web this week. The amount of data stolen makes it the third-largest credit card breach in history.

Wawa convenience stores announced the attempts to sell the data in a news release on January 28. According to the Gemini Advisory Board, a company that identifies cyberthreats, the credit card information was found on the website called Joker’s Stash marketplace and exposed customer data from 30 million cards. 

Read more
Hackers stole 26 million credit cards, but vigilantes just rescued them
wallet with cash and cards

In an ironic twist of fate, BriansClub, a black market site that contains stolen credit cards, was hacked to rescue the data of more than 26 million credit and debit cards. 

KrebsOnSecurity reports that the data stolen in August from the site, which goes by the name BriansClub[.]at was shared with financial institutions who were able to identify, monitor, and reissue cards that were compromised. 

Read more