Dairy Queen, the fast food and ice cream purveyor, said its payment systems were recently breached by hackers who may have gained access to customers’ names, payment card numbers and expiration dates, though personal information such as Social Security numbers were not compromised.
The fast food chain revealed earlier this week that the malware intrusion may have affected some payment cards at certain DQ locations and one Orange Julius location in the U.S.
Dairy Queen affected by Backoff malware
In a statement, Dairy Queen said some of its restaurants were hit by the widely-reported Backoff malware that is targeting retailers across the country. The company’s investigation revealed that a third-party vendor’s compromised account credentials were used to access systems at the impacted locations.
On Thursday, Dairy Queen published a list on its website of the 395 restaurants where payment card data was affected, out of its 4,500 outlets.
The company said its investigation established that the Backoff malware was present on systems at a small percentage of locations in the U.S. However, the fast food chain confirmed that it has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses were compromised as a result of this malware infection.
Intrusion occurred between August and October
Data Queen said the time period of the malware intrusion was between August and October, though it varies at each location. The company said it’s offering “free identity repair services” for one year to any customer who used a credit or debit card at one of the hacked restaurants during the affected time period.
The ice cream and fast food franchisor confirmed the malware has been ‘contained’.
There have been data breaches at multiple retailers over the last year. The hackers have stolen customer data from Niemen Marcus, White Lodging, SUPERVALU INC. (NYSE:SVU)., Easton-Bell Sports, Harbor Freight Tools, Michael’s, Sally Beauty Holdings, Inc. (NYSE:SBH), United Parcel Service, Inc. (NYSE:UPS), Goodwill and P.F. Chang’s China Bistro (NASDAQ:PFCB).
The largest known security breaches have been at Target Corporation (NYSE:TGT) and The Home Depot, Inc. (NYSE:HD). In September, ValueWalk reported that The Home Depot Inc. could have been a victim of a massive credit card breach that could exceed the earlier 40 million credit card and debit card attack. It is believed Home Depot’s breach could go back to April or May and the attack could be ‘many times larger’ than Target’s.
It is pertinent to note European countries have long been using chip-and-pin and chip-and-sign systems, which make them considerably less vulnerable to malware installed on magnetic readers as is the norm in the United States. However, next year, a number of retailers and banks will roll-out these more secure systems to cut down the threat of major breaches.