Home > Computing > Clogged arteries and compromised credit cards…

Clogged arteries and compromised credit cards could come from eating at Arby's

Why it matters to you

If you've eaten recently at Arby's, you may want to check your bank statement -- some of its outlets' point-of-sale systems were hacked.

The biggest danger associated with fast food isn’t clogged arteries — apparently, it’s compromised credit card data. On Thursday, security blog KrebsOnSecurity reported that Arby’s had “recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.” That’s right — if you’ve eaten a roast beef sandwich from the chain recently, you may want to check your credit card statements.

“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems,” the company said in a written statement provided to KrebsOnSecurity. “Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts,” the statement continued. “While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”

MoreThe SEC opens an investigation into Yahoo regarding its data breaches

According to Arby’s, malware was placed on payment systems within Arby’s corporate stores, but franchised restaurants were not impacted. About a third of Arby’s 3,300 U.S. stores are corporate-owned, but details have yet to be released around exactly which locations were impacted by the breach.

“Although there are over 1,000 corporate Arby’s restaurants, not all of the corporate restaurants were affected,” Christopher Fuller, Arby’s senior vice president of communications, told KrebsOnSecurity. “But this is the most important point: That we have fully contained and eradicated the malware that was on our point-of-sale systems.”

The fast-food chain has yet to reveal how long the malware remained active on corporate payment systems, though it is estimated that it was effective between October 25, 2016 and January 19, 2017.

So what to be done? While you’re not liable for any fraudulent charges that may hit your credit or debit cards, you’ll still need to be vigilant about reporting these transactions. That means that you’ll have to keep close watch on your statements. We’ll update you with any additional information as it becomes available.