American fast food chain Wendy’s has admitted that the data
breach affecting the company reported last month was a lot bigger than what was
The Wendy’s breach came into light last month after the
company began investigating unusual activity involving customer credit cards in
January this year.
“Based on the preliminary findings of the
previously-disclosed investigation, the Company reported on May 11 that malware
had been discovered on the point of sale (POS) system at fewer than 300
franchised North America Wendy’s restaurants,” Wendy’s stated. “An additional 50 franchise restaurants
were also suspected of experiencing, or had been found to have, other
Wendy’s has described the breach as “extremely difficult to
detect,” uploaded via a remote access tool to a second POS system that was not
previously known to be infected.
The Company believes this series of cybersecurity attacks
resulted from certain service providers’ remote access credentials being
compromised, allowing access to the POS system in certain franchise restaurants
serviced by those providers.
After detecting the malware, the Company has already
disabled it in all franchise restaurants where it has been discovered, and
continues to work aggressively with its experts and federal law enforcement to
continue its investigation.