It took longer than expected from a company in the business of delivering its product quickly, but Wendy’s has at last opened up about getting hit with a credit card breach.
Rumors of a possible breach at a number of the fast food chain’s locations were first reported (by Krebs on Security) back in January. In March, when credit unions spoke out about the fact that they were dealing with the effects of the breach, Wendy’s was mum on the subject … and the company didn’t even have much to say when, just last week, those same credit card companies filed a lawsuit against it over the matter.
Wendy’s order appears to finally be up, as it were, with Sophos’ Naked Security having found, within the burger chain’s report on its first quarter results, the following statement (under the heading “Update on investigation into unusual payment card activity”):
“[Wendy’s] believes that malware, installed through the use of compromised third-party vendor credentials, affected one particular point-of-sale system at fewer than 300 of approximately 5,500 franchised North America Wendy’s restaurants, starting in the fall of 2015.”
In an FAQ section on its website dedicated to addressing the breach, Wendy’s goes on to state: “We have been working with our payment industry contacts since recently learning of these reports, and we have launched a comprehensive investigation with the help of cybersecurity experts to gather facts, while working to protect our customers. We also are fully cooperating with law enforcement authorities.”
“Until this investigation is completed,” continues the statement, “it is difficult to determine with certainty the nature or scope of any potential incident.”
In the meantime, Wendy’s uses that FAQ page to provide concerned consumers with email and phone number contact information through which they can find out more.