Earlier this year, it was reported that Wendy’s, America’s third-largest burger chain, was investigating a possible data breach impacting locations in the midwestern United States, as well as some on the East Coast.
Now, it seems that credit unions are experiencing a high level of debit card fraud, as well as major losses, due to the fast food chain’s breach, Krebs on Security reported Wednesday (March 2).
Back in January, Wendy’s confirmed it was looking into the breach after banking industry sources identified a pattern of fraud on cards that were all recently used at various Wendy’s locations.
“We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations,” Wendy’s spokesman Bob Bertini told Krebs on Security at that time. “Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.”
“We began investigating immediately, and the period of time we’re looking at the incidents is late last year,” Bertini continued. “We know it’s [affecting] some restaurants, but it’s not appropriate just yet to speculate on anything in terms of scope.”
While the company has yet to provide information on the actual extent of the breach or how many payment cards were compromised, credit unions have made it clear that they are already dealing with the consequences of the cyberattack.
B. Dan Berger, CEO of the National Association of Federal Credit Unions, explained to Krebs on Security that numerous credit unions saw a significant jump in the instances of debit card fraud weeks before the breach was reported publicly and, later, that activity was tied to customers who used their cards at Wendy’s locations less than a month prior.
“This is what we’ve heard from three different credit union CEOs in Ohio now: It’s more concentrated, and the amounts hitting compromised debit accounts is much higher tha[n] what they were hit with after Home Depot or Target,” Berger told the outlet. “It seems to have been been [the work of] a sophisticated group, in terms of the timing and the accounts they targeted. They were targeting and draining debit accounts with lots of money in them.”