Did you stop at Wendy’s for a Baconator and a Frosty some time in late 2015? Malware that infected the point-of-sale machines in more than 1,000 Wendy’s locations means you might have gotten a side of identity theft with your order. The restaurant chain believes attackers specifically targeted customer credit card information.
Wendy’s says that the malware has been removed from infected computers, and has provided a public list of affected locations that concerned customers can check. If a location you visited is listed, it’s probably a good idea to review your credit card history, Engadget is reporting.
How did the infection spread to point-of-sale machines in the first place? Hacked remote access credentials, Wendy’s is saying.
“We believe that both criminal cyberattacks resulted from service providers’ remote access credentials being compromised, allowing access — and the ability to deploy malware– to some franchisees’ point-of-sale systems,” said Wendy’s President and CEO Todd Penegor in a statement about the breach.
The restaurant chain is offering victims of the breach a year of fraud consultation over the phone. If you think you’ve been affected, call 866-779-0485 between 8 a.m. and 5:30 p.m. CST on a non-holiday weekday to find out what you need to do next.
It’s also a good idea to check your credit score, and look through your credit card bills for any unfamilar purchases.
“We will continue to work diligently with our investigative team to apply what we have learned from these incidents and further strengthen our data security measures,” said Penegor.
This is another reminder that, in a connected world, you can be affected by a malware outbrake regardless of whether you shop online or not. This is one of the bigger breaches since Target’s infamous problems back in 2014, when the credit card information of up to 40 million people was leaked.