The Edina, Minnesota-based ice cream chain confirmed Thursday it had been in contact with the U.S. Secret Service about "suspicious activity" related to Backoff, a strain of malware that attacks point-of-service machines discovered last October. Dairy Queen said it was investigating the breach and did not yet know how many stores or customers had been affected.
"We are gathering information from a number of sources, including law enforcement, credit card companies and processors," Dairy Queen said in a statement."The protection of customer data is a top priority for us and our franchisees, and we take it seriously."
Backoff most recently hit Eden Prairie, Minnesota-based supermarket chain Supervalu and United Parcel Service earlier this month.
Cybersleuth Brian Krebs, who also broke the news of last fall's massive Target breach, began reporting on the apparent Dairy Queen hack on August 14, after he was contacted by a Midwestern credit union complaining of a rash of more than 50 customers who had been victimized by card fraud.
"According to the credit union, more than 50 customers had been victimized by a blizzard of card fraud just in the past few days alone after using their credit and debit cards at Dairy Queen locations -- some as far away as Florida -- and the pattern of fraud suggests the DQ stores were compromised at least as far back as early June 2014," Krebs wrote.
He said Dairy Queen, whose stores are operated by franchisees, does not have a requirement that franchisees notify the company in the event of a breach, which perhaps prevented the chain from discovering the pattern of fraud sooner.
The Department of Homeland Security began warning companies about Backoff on July 31, and again last Friday.
Michaels Stores, Neiman Marcus and P.F. Chang's are among other large national retailers hit by cyberattacks in recent months.