Wendy’s Cyber Attack Hit More Restaurants Than Previously Disclosed

The Wendy’s Co. (NASDAQ:WEN) has revealed that recently discovered malicious malware has infected considerably more than the 300 locations previously disclosed as being breached. The malware was initially discovered on the point of sale (POS) systems of fewer than 300 franchised North America Wendy’s restaurants. Wendy’s is the world’s third-largest quick-service hamburger company, with approximately 6,500 franchise and Company-operated restaurants worldwide.

The Dublin, Ohio-based operator began an investigation in January into unusual credit card activity at some franchised restaurants. When reporting the results of the investigation in May, the company said that fewer than 300 locations were hit with the cyber attack. Another 50 locations were believed to have a separate security issue. The results of the investigation indicated that payment cards used at the affected Wendy’s locations might have been used fraudulently elsewhere.

As the investigation continued, the company discovered a variant of the malware that was used in the previous attacks. The company says that the new malware is similar in nature to the previously found malware, but is executed differently. The attackers used a remote access tool to target a POS system that the company previously believed had not been compromised. The company reported that the malware used by attackers is highly sophisticated in nature and extremely difficult to detect.

Wendy’s believes that the cyber attack occurred after some third-party providers’ remote access credentials to the franchise restaurants’ POS systems had been compromised. Many franchisees and operators throughout the retail and restaurant industries contract with third-party service providers to maintain and support their POS systems. The company has said that it has disabled the malware where it has been detected.

Wendy’s is continuing to work with its experts and federal law enforcement to continue its investigation. The attack appears to be limited to franchised locations, as Wendy’s claims that no company-owned restaurants have been affected. Wendy’s has established a toll-free number, (888) 846-9467, and email address, [email protected], that customers can contact with specific questions.

The threat of cyber attacks against large companies has grown in recent years. A series of high profile attacks has compromised the personal and payment information of millions of Americans across the country. While companies have been taking steps to improve their security measures, those actions have not appeared to slow the pace of attacks or reduce the amount of compromised information.