Wendy's says hackers were able to steal customer's credit and debit card information at 1,025 of its U.S. restaurants, including possibly twelve restaurants here in the Treasure Valley. It was a security breach company officials say was far more significant than originally thought.
The major hamburger chain says hackers were able to access card numbers, names, expiration dates and codes on the cards. Some customer's cards were used to make fraudulent purchases at other stores.
In May, it said malware was found in fewer than 300 restaurants starting in the fall of 2015. About a month later, it said two types of malware were found and the number of restaurants affected was "considerably higher."
There are more than 5,700 U.S. Wendy's restaurants.
"We are committed to protecting our customers and keeping them informed. We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyberattacks involving some Wendy's restaurants," Wendy’s President and Chief Executive Officer Todd Penegor sad in a statement posted on the company’s website. "We have conducted a rigorous investigation to understand what has occurred and apply those learnings to further strengthen our data security measures."
The company says it believes the criminal cyber-attacks resulted from service providers’ remote access credentials being compromised, allowing access –- and the ability to deploy malware –- to some franchisees’ point-of-sale systems. To date, there has been no indication in the ongoing investigation that any Company-operated restaurants were impacted by this activity, the company’s website said.
'Wendy’s says it has worked with investigators to disable the malware involved in the first attack earlier this year. “Soon after detecting the malware variant involved in the latest attack, the Company identified a method of disabling it and thereafter disabled it in all franchisee restaurants where it was discovered,” the website stated. “The investigation has confirmed that criminals used malware believed to have been effectively deployed on some Wendy's franchisee systems starting in late fall 2015.”
According to the company’s website, The Treasure Valley Wendy’s restaurants potentially impacted by the hack are those located at:
1180 Broadway Ave., Boise (potentially impacted 1-13-2016 to 6-8-2016)
1450 S. Orchard St., Boise (potentially impacted 1-13-2016 to 6-8-2016)
8100 W. Franklin Rd., Boise(potentially impacted 1-13-2016 to 6-10-2016)
3680 State St., Boise (potentially impacted 1-13-2016 to 6-8-2016)
600 N. 10th Ave., Caldwell (potentially impacted 1-13-2016 to 6-8-2016)
65 Eagle River Dr., Eagle (potentially impacted 1-13-2016 to 6-8-2016)
5525 Chinden Blvd., Garden City (potentially impacted 1-13-2016 to 6-8-2016)
100 E. Corporate Dr., Meridian (potentially impacted 1-13-2016 to 6-8-2016)
3140 E. Florence Dr., Meridian (potentially impacted 1-13-2016 to 6-8-2016)
2910 American Legion Way, Mountain Home (potentially impacted 1-13-2016 to 6-10-2016)
424 12th Ave. Rd., Nampa (potentially impacted 1-13-2016 to 6-8-2016)
1028 Caldwell Blvd., Nampa (potentially impacted 1-13-2016 to 6-8-2016)
Better Business Bureau Northwest, serving the Treasure Valley and southwest Idaho, is encouraging people who may have eaten at a Wendy’s restaurant lately to check their personal financial accounts. “As a consumer, check your credit card, check your bank account, check your credit report -– make sure there’s no credit opened in your name,” said BBB spokesperson Emily Valla. “If you have any reason to feel that there’s been some hack against you, you might want to do a fraud alert, you might want to freeze your credit report and then, always be aware that there could be malware; you always want to be protecting your information.”
(Associated Press contributed to this story)