Skip to main content

Clogged arteries and compromised credit cards could come from eating at Arby's

arbys hack screen shot 2017 02 09 at 2 42 14 pm
Image used with permission by copyright holder
The biggest danger associated with fast food isn’t clogged arteries — apparently, it’s compromised credit card data. On Thursday, security blog KrebsOnSecurity reported that Arby’s had “recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.” That’s right — if you’ve eaten a roast beef sandwich from the chain recently, you may want to check your credit card statements.

“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems,” the company said in a written statement provided to KrebsOnSecurity. “Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts,” the statement continued. “While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”

Recommended Videos

According to Arby’s, malware was placed on payment systems within Arby’s corporate stores, but franchised restaurants were not impacted. About a third of Arby’s 3,300 U.S. stores are corporate-owned, but details have yet to be released around exactly which locations were impacted by the breach.

“Although there are over 1,000 corporate Arby’s restaurants, not all of the corporate restaurants were affected,” Christopher Fuller, Arby’s senior vice president of communications, told KrebsOnSecurity. “But this is the most important point: That we have fully contained and eradicated the malware that was on our point-of-sale systems.”

The fast-food chain has yet to reveal how long the malware remained active on corporate payment systems, though it is estimated that it was effective between October 25, 2016 and January 19, 2017.

So what to be done? While you’re not liable for any fraudulent charges that may hit your credit or debit cards, you’ll still need to be vigilant about reporting these transactions. That means that you’ll have to keep close watch on your statements. We’ll update you with any additional information as it becomes available.

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Destructive hacking group REvil could be back from the dead
Person typing on a computer keyboard.

There was a period in 2021 when the computing world was gripped by fear of a dizzyingly effective hacking group fittingly named REvil -- until its website was seized by the FBI and its members arrested by Russia’s security services, that is. Yet like a malevolent curse that just can’t be dispelled, it now seems the group’s websites are back online. Has the group returned to spread discord and wreak havoc once again?

In case you missed them the first time around, REvil came to global attention by hacking into various high-profile targets, pilfering secret documents, then threatening their release unless a ransom was paid. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs.

Read more
How Coinbase stopped the Twitter Bitcoin hack from being even worse
twitter and laptop hacked

The hackers behind last week's massive Twitter security breach made off with more than $100,000 through their Bitcoin giveaway scam. But it could have been much worse.

Quick responses from Twitter and Bitcoin exchanges like Coinbase reportedly kept a combined $300,000 away from the hackers' pockets.

Read more
Wawa data breach: Hacker is selling 30 million credit cards on the dark web
wallet with cash and cards

Credit card data from a security breach that affected an East Coast convenience store chain last year was discovered being sold in the corners of the dark web this week. The amount of data stolen makes it the third-largest credit card breach in history.

Wawa convenience stores announced the attempts to sell the data in a news release on January 28. According to the Gemini Advisory Board, a company that identifies cyberthreats, the credit card information was found on the website called Joker’s Stash marketplace and exposed customer data from 30 million cards. 

Read more