In 2015, Wendy’s data breach happened. But how? Also, what can we learn from this breach?
Read on to learn more.
Wendy’s Data Breach
The data breach happened because of a point-of-sale attack. So, it stole credit card data from the food chain.
But how big was the impact? It affected 1,025 stores.
Due to the incident, Wendy’s did an investigation. Also, according to its report, the leak happened in fall 2015.
Additionally, Wendy’s stated that a third-party vendor was the cause of the malware. But, what made Wendy’s examine the incident?
Some credit unions and credit issuers found out that there were unusual card activities. Then, they noticed Wendy’s was the source of its transactions.
Besides, the impact of the breach is five to ten times bigger than Target and Home Depot breach.
Moreover, Wendy’s cooperated with forensic experts and law enforcement. So, they are investigating why the malware entered its systems. Also, how it affects their operations.
Furthermore, Wendy’s already succeeded in removing the malware. But, they said that it might affect the other locations.
In fact, they estimated that it affected other 50 franchise restaurants. Also, they said that it was very difficult to eradicate.
The Impact of Wendy’s Data Breach
In Wendy’s initial report, it affected 5% of its stores and operations. Yet, after a month, they said that the effect is still ongoing.
Why? There were two waves of the data breach. The first wave was when malware attacked the POS devices of the 300 stores.
So, how did the second wave happened?
Security experts notice another malware strain at the other locations. Thus, this new strain affected different POS.
Besides, many franchises use third-party vendors. These vendors maintain POS systems. But, the hackers attacked through third-party vendors.
So, the customers’ information was compromised. After the hackers install the malware, they were able to steal the data remotely. How?
Furthermore, these hackers can sell private information to the black market.
The stolen data
It stole sensitive information. This includes the following:
- cardholder names
- debit and credit card numbers
- card expiration dates
- verification numbers
- service codes
The consequences
Because of the breach, Wendy’s face the following consequences:
- commercial loss
- reputational damage
Wendy’s Data Breach Timeline
- Fall 2015 – malware installed
- January 2016 – creditors alerted Wendy’s about the fraud incidents
- January 27, 2016 – confirmation from Wendy’s
- February 9 – malware on some locations
- April 2016 – ongoing breach
- April 25, 2016 – First Choice Federal Credit Union filed a lawsuit against Wendy’s
- May 11, 2016 – successfully removed the malware
- June 9, 2016 – the second wave of malware installed
- July 7, 2016 – a total of 1,025 locations affected
What You Can Do
If you are one of Wendy’s card customers, what can you do? One step is to take precautions to minimize fraud.
Today, businesses replace cards with EMV or chip-based cards. Why?
EMV cards are more secure than the old magnetic stripes. So, it’s more harder and costly to fake.
Also, businesses encourage using multi-layered security. So, users can protect their information.