Wendy’s Co. has experienced a data breach since fall 2015. They reported around 300 stores have been affected by malware that has been installed in point-of-sale systems.
It was not discovered until early this year.
ALSO READ: Is it safe to use public Wi-Fi?
However, on Thursday, the company has publicly announced that due to the second wave of attack, a total of 1,025 U.S. stores has been affected. The first malware has been cleared last March, but a subsequent clean-up operation led them to another breach.
A list of all the affected restaurants has been posted by Wendy’s on their website.
An ongoing investigation involving forensic experts and payment card industry officers has reported that the hackers were able to steal personal information from their systems, such as the card holder’s name, card number, expiration date, verification, and service code.
This means fraudulent transactions and charges could transpire after customers have paid through one its affected branches using their credit or debit cards.
It is said that the breach has not been done directly at Wendy’s but through third party service providers that had access to the food chain’s systems.
Why hasn’t Wendy’s Co. done enough to upgrade its systems? In one of the lawsuits filed against the company, the breach was an “inevitable result of Wendy’s pervasive and inadequate approach to data security.”
Interestingly enough, only the franchise stores have been hacked. None of Wendy’s own restaurants, which use NCR Aloha POS have been affected. It is also noteworthy that Wendy’s has an ongoing 4-year upgrading program designed to thwart such hacks.
It turns out that Wendy’s have been calling the attention of its franchisees to upgrade their systems for some time, and it even filed a lawsuit against DavCo Restaurants, its fourth biggest franchisee, late 2014 for non-compliance.
The upgrades can cost around $350-$750,000 per remodel. Wendy’s requires at least a 10% of franchisees stores to be upgraded in a span of 6 years. For DavCo’s case, it needs to spend around $7.5 million every year through 2020.
If the remodels have been complied, the data breach would have been avoided, yet at a hefty cost.
Photo courtesy: Mike Mozart/Flickr