DUBLIN, Ohio, July 7 (UPI) -- Fast food giant Wendy's on Thursday updated customers about a security breach involving customers' credit and debit cards at various franchise locations around the United States.
The breaches occurred beginning last fall, company officials said, and an additional malware variant was identified in May -- meaning malicious software had been installed on some payment terminals at certain locations.
Wendy's first became aware of unusual payment activity in February.
"The Company believes this criminal cyberattack resulted from a service provider's remote access credentials being compromised," the company said, noting that the malware targeted customers' cardholder name, card number, expiration date, cardholder verification value, and service code.
Related
"We are committed to protecting our customers and keeping them informed. We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyberattacks involving some Wendy's restaurants," Wendy's President and CEO Todd Penegor said in a statement. "We have conducted a rigorous investigation to understand what has occurred and apply those learnings to further strengthen our data security measures."
Wendy's has made available a database list to help customers identify whether their cards may have been affected by the breach.
"The update includes a list of restaurant locations that may have been involved in the incidents, as well as information on how customers can protect their credit and details regarding how potentially affected customers can receive one year of complimentary fraud consultation and identity restoration services," Wendy's said in the update on its website.
Company officials said the breach may have impacted customers at more than a thousand locations -- which is equal to about 20 percent of the company's U.S. franchises, The Wall Street Journal reported.
Wendy's is offering fraud protection for one year for affected customers at no cost.
