Over 1,000 Wendy’s Locations Affected by Credit Card Breach

Wendy’s, the world’s third largest hamburger fast food chain and number one champion of square beef patties, has announced that over 1,000 Wendy’s locations were affected by a credit card-stealing malware attack last fall.

The burger giant first announced a possible security breach back in February and confirmed in May that it had found malware on its point-of-sale (POS) systems that was used to steal credit or debit card numbers, expiration dates, cardholder verification values, and service codes.  Last month, the company provided and update that the investigation revealed the breach could be much worse due to a second

At the time, Wendy’s believed that the breach had affected fewer than 300 locations, but last month, the company revealed that the breach could be much worse than initially thought.

Now, Wendy’s CEO Todd Penegor had updated the situation further with an open letter to customers disclosing the full extent of the attack, which affected 1025 Wendy’s locations.

As of Thursday, July 7th, Wendy’s says that the POS malware has been shut down at all of the infected locations.

According to a statement from Wendy’s, the breach probably started with the compromise of a franchisees remote access credentials, which gave hackers the access to networks, and the ability to escalate their permissions and put the malware in place.Wendy’s internal investigation is ongoing.

For those baconator-fiends who’d like to know if their CC info has been affected, Wendy’s has published a page that lists breached restaurant locations by state. Wendy’s is offering customers who made purchases at affected restaurants a year of fraud protection and identity restoration services, free of charge.