Wendy's PoS Hacked
Wendy’s released their first quarter financial statement today and in it the restaurant chain addressed their ongoing investigation into credit card breaches at their stores. It was found that somewhere around 300 of their franchises had been infected with malware on their point-of-sale systems (PoS). It’s believed the malicious software was installed starting in fall of 2015 using credentials from a compromised third-party vendor.
According to an internal investigation, the Aloha PoS system that is used by company-operated and most franchise locations was unaffected by the malware. They plan on having this system installed throughout North America by the end of 2016. Wendy’s is attempting to narrow down the source and figure out the extent of the damage done by the attack, but fortunately they have been able to remove the malicious software from infected systems.
In addition to this attack, 50 other franchises have been flagged for having problems with their cybersecurity. Unfortunately narrowing down and dealing with these problem are made more difficult by the fact that most Wendy’s restaurants are independent franchises.
There have been rumblings from financial institutions that something was going on within the Wendy’s organization as many of them have been having to deal with the fallout from numerous credit card fraud claims. According to banks and credit unions, it appears that credit card information was still being stolen from the restaurants up until April.