DUBLIN, Ohio — The Wendy’s Company provided more information about last month’s data breach that affected 1,025 of its restaurants, including locations in North Carolina.
On June 9, the company discovered and disabled malware that affected some franchise-owned restaurants. It was similar to malware that had been reported as causing unusual payment card activity for some locations in February. On Thursday, Wendy’s released information on which specific restaurants were affected, along with support for customers affected by the data breach.
The breach was traced back to a cyberattack that compromised service providers’ remote access credentials, which allowed malware to affect some franchisees’ point-of-sale systems. An investigation determined that the malware had been installed in some systems as early as fall 2015. The cyberattack targeted specific payment card information, including cardholder name, card number, expiration date, cardholder verification value (CVV) and service code.
“We are committed to protecting our customers and keeping them informed. We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyberattacks involving some Wendy’s restaurants,” Todd Penegor, President and CEO of The Wendy’s Company, said in a press release. “We have conducted a rigorous investigation to understand what has occurred and apply those learnings to further strengthen our data security measures.”
Customers can learn more about the data breach at Wendy’s website, including a list of impacted restaurant locations. Affected North Carolina locations include franchises in Cherokee, Clinton, Fayetteville, Hope Mills, Lumberton, Murphy, Siler City and Warsaw. Each of these locations was impacted from Dec. 2, 2015 to June 8, 2016.