Dairy Queen confirms customer data breach
EDINA, Minn. — Dairy Queen confirmed Thursday
that restaurants in Minnesota, North Dakota and South Dakota were
affected by the customer payment card data breach the company suffered
in August.
The
Edina-based fast-food chain said 394 of its nearly 4,450 U.S. Dairy
Queen locations and one of its Orange Julius locations were breached by
cyber thieves using the Backoff malware.In Minnesota, 18 locations were affected, three in North Dakota were affected, as were three in South Dakota.
Dairy Queen reported that two Northland locations were affected by the data breach: the Grand Marais Dairy Queen between Aug. 3 and Aug. 29, and the Cloquet Dairy Queen between Aug. 4 and Aug. 29. The breach began in early August and was largely contained by early September — the specific duration varied by location.
The company said cardholder names, account numbers and expiration dates of fewer than 600,000 credit and debit cards were exposed, but it does not believe any other information — PINs, email addresses, etc. — was compromised.
Working with the U.S. Secret Service, Dairy Queen determined that thieves used stolen login credentials from a third-party vendor to gain access to payment card processing systems of affected stores. The thieves then uploaded malicious software designed to steal card data.
The malware, dubbed Backoff by the cybersecurity industry, was the subject of an August advisory from the Department of Homeland Security, which estimates more than 1,000 retailers have been victimized by it. High-profile cyberattacks at Home Depot and UPS reportedly also involved the Backoff malware.
Dairy Queen is offering free credit repair services to customers who used a payment card at one of the affected stores during the breach window. Anyone who thinks they may have been affected should call (855) 865-4456, Monday through Saturday from 8 a.m. to 8 p.m.
For a complete list of affected locations nationwide, go to dairyqueen.com.
No comments:
Post a Comment