Fast food chain Wendy's announced in February that is was looking into a possible security breach. The franchise followed up in May confirming it found malware on its point-of-sale systems that was being used to nab credit card info. Stolen details were said to include including credit or debit card number, expiration date, cardholder verification value, and service code from less than 300 locations. Last month, the company provided and update that the investigation revealed the breach could be much worse due to a second cyberattack. Wendy's gave another update on the situation this week, disclosing that over 1,000 locations had systems where the malware was installed.
The company says that the malware has been disabled at all of the locations where it was discovered to be installed. Wendy's explained that the breach likely originated from franchisees remote access credentials being compromised, giving the culprits the ability to install the software needed to swipe details from credit and debit card transactions. The investigation is still in progress, so more details could be on the way.
"We will continue to work diligently with our investigative team to apply what we have learned from these incidents and further strengthen our data security measures," said president and CEO Todd Penegor.
For now, Wendy's has posted a list of affected locations. If you made a purchase at one of those, the company is offering a year of fraud protection and identity restoration free of charge. Of course, it's a good idea to take a glance at your recent statements even if your local restaurant isn't on the list.