Wendy’s Restaurants Investigating Potential Data Breach

In the wake of yet another possible data breach, we want to remind our readers that today is Data Privacy Day. Data Privacy Day is an international holiday that occurs every January 28th with the purpose of raising awareness and promoting privacy and data protection best practices. Data Privacy Day is currently ‘celebrated’ in the United States, Canada, and 47 European countries. This educational initiative focuses on raising awareness among businesses, consumers, and families about the importance of protecting the privacy of their personal information online, particularly in the context of social networking. The educational focus also include events and activities that stimulate the development of technology tools that promote individual control over personally identifiable information; encourage compliance with privacy laws and regulations; and create dialogues among those interested in advancing data protection and privacy.

Wendy’s, the nationwide chain of quick service/casual dining restaurants, reports that they are investigating claims of a possible data breach of customer credit and debit card information that may have affected thousands of its North American customers. The Ohio-based chain is looking at several reports of “unusual activity” on cards used at Wendy’s locations across the country.

News of the potential data breach comes in response to questions posed by security expert Brian Krebs of Krebs on Security, whose diligence in data security issues has uncovered many of the largest data breaches in retail history. Krebs first broke the news of the Target and Home Depot breaches, among dozens of additional data breaches.

- Sponsor -

Wendy’s spokesman Bob Bertini confirmed the possible breach and reported that Wendy’s is cooperating with law enforcement in a criminal investigation.

“We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations,” states Bertini. “Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cyber-security firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.”

The full extent of the incident is not known. Bertini further stated that it was too soon to determine whether the incident has been contained, or to speculate on how long it persisted or how many stores may have been compromised. Initial reports indicate that the initial data breach likely occurred sometime in December 2015.

Wendy’s currently operates approximately 6500 franchise and company-operated restaurants in the United States and 28 countries worldwide. Approximately 85 percent of the locations are franchise-owned operations.

Data breaches have become more common in the restaurant business, an industry trend that is believed to be the result of outdated POS technology, according to industry experts. Recent data breaches include intrusions at Dairy Queen, P.F. Chang’s, Morton’s, Jimmy John’s, and Rainforest Café.

Customers that have used a credit or debit card for purchases at a Wendy’s location within the past three months are urged to review their billing statements for any inaccuracies and report any fraudulent activity to their bank or credit card company immediately.

For more on defending your company from data breaches, cyber fraud and related data protection concerns, read the LP Magazine feature article “Building a New Data Security Defense Team” by clicking here.

Stay Updated

Get critical information for loss prevention professionals, security and retail management delivered right to your inbox.