Skip to main content

Wendy's hit by massive #Cyberattack #Databreach


The company reported suspicious activity earlier this year, but the scale of the breach is far bigger than first anticipated.
At least 1,025 of its restaurants were targeted - with debit and credit card information stolen.
The company did not speculate how many people may have been affected, though it did say all of the locations were in the US.
Malware - malicious software - had been installed on point-of-sale systems in the affected locations.
The chain said it was confident the threat had been removed, and was now offering help to customers who may have been affected.
Help includes the offer of one year of "complimentary" fraud protection services.
In a statement outlining the details of the attack, Wendy's said the malware could have been operational in its restaurants from as early as Autumn 2015.
Suspicious activity was noticed in February of this year. The company went public with this discovery in May - saying it believed around 300 restaurants had been affected.
But with the number rising to more than 1,000, this hack ranks among one of the most significant in US history.
The Wendy's hack bears some similarity to the attack on Target in 2013. In that breach, around 40 million customers' details were stolen via malware installed on point-of-sale computers.
Wendy's has blamed a third-party for the intrusion, saying a "service provider" that had remote access to the till systems was compromised.
The company did not say who that service provider was, nor did it explain why it had remote access to the tills of 1,025 of the firm's 5,700 restaurants.
The company has set up a page for customers to check if a restaurant they bought food from has been affected.
Labels:

Comments

Post a Comment

Popular posts from this blog

Aleksei Burkov Pleads Guilty for running Online Criminal Marketplace

Story : Aleksei Burkov, 29 of St. Petersburg, Russia, has pleaded guilty in a US court to running a site that sold stolen payment card data and administering a highly secretive crime forum that counted among its members, some of the most elite Russian cybercrooks. More Detail : Aleksei, who was extradited to the US from Israel in November, pleaded guilty on Thursday to running a website that helped people commit in credit-card fraud. He is accused of running a website that let people buy stolen credit-card numbers for anywhere from $3 to $60 . People used the numbers to make more than $20 million in fraudulent purchases. Prosecutors say Burkov even offered a money-back guarantee if a stolen card number no longer worked.  Company: Aleksei admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being the founder and administrator of DirectConnection , an underground community that attracted some of the world’s most-wanted Rus
Post a Comment
Read more

New Venture

It's good to be back blogging...the last time I posted I worked as a Customer Success Manager for a DNS company. Since then, I have ventured to the CDN world, with the added mix of Cyber Security, WAF. Cyber Security is a true passion of mine and after nearly 10 years in this space, I love seeing how the industry and technology place has progressed and also ironically, stayed the same. I have enjoyed seeing the likes of Jane Frankland prosper in the field and be truly recognised as a thought leader with 'Women in Security' and her bestselling book 'IN Security'. Over the last few years I have met some truly amazing people, connected through the Women in Leadership platform which introduced me to a range of great individuals that broaden my knowledge into work places, diversity and pushing your own voice. Customer Success (CS), as a function is and should be the core of any business, concentrating on retention, relationship, client advocacy, project managing
Post a Comment
Read more

HCA International fined 200k for Data loss #ITSecurity #DataSecurity #unencrypted

HCA International Ltd, private health firm are the latest to be fined by the ICO.  They have been fined £200,000 for failing to keep data secure after it was found that conversations had by IVF patients were online. Audio recordings of interviews with patients were being sent to a company unencrypted in India for transcription. The Indian company was unable to maintain secure access due to an unsecure server. By failing to ensure its subcontractor had acted responsibly, HCA International failed to comply with the seventh data protection principle. More details on the monetary penalty notice click here Supplier Risk is a huge concern for most companies - You may have all the bells and whistles when it comes to security your infrastructure but your partners may not. Failing to ensure due diligence in the Supply chain costs - with HCA it was £200,000 - next year it would of been much more!! #EUGDPR
1 comment
Read more