If you have used a credit card at a Wendy's fast food chain lately, your personal data may have been compromised. Wendy's has again announced bad news about data breaches and how it has been dealing with multiple cyberattacks, some of which went on for months.
The fast food chain says it is working with the payment card industry, federal law enforcement, and forensics experts throughout its investigation and said it will beef up security across all of its system. It's also offering fraud and identity restoration consultation services to affected customers.
Wendy's has been dealing with malware and cyber security issues a lot lately. In February, the company announced that it was investigating unusual payments at franchise stores. In May, Wendy's revealed that it had discovered malware in certain point-of-sale systems and worked with investigators to disable it.
We believe that both criminal cyberattacks resulted from service providers' remote access credentials being compromised, allowing access - and the ability to deploy malware -- to some franchisees' point-of-sale systems," writes Todd Penegor President and CEO in a statement issued this month.
The data taken by hackers includes cardholder names, credit or debit card numbers, expiration dates, cardholder verification values, and service code. "Please note," writes Wendy's, "that the cardholder verification value that may have been put at risk is not the three or four digit value that is printed on the back or front of cards, which is sometimes used in online transactions."
Despite this reassurance, customers should be concerned about this security breach, and so should everyone else. The amount of information taken from the company's systems and the length of time these cyberattacks went undetected indicate that we are all taking a risk when we leave so much identifying information behind us all the time.
Given the gravity of this disclosure, Wendy's has created a search tool for customers to use and locate affected restaurants. If your location, or city, or state does not show up in the search, it's not an area identified by the company's investigation. If it does, you may decide to avail yourself of the company's offer of one year of fraud consultation and identity restoration services.