American fast food chain Wendy’s has admitted that the data breach affecting the company reported last month was a lot bigger than what was said.
The Wendy’s breach came into light last month after the company began investigating unusual activity involving customer credit cards in January this year.
“Based on the preliminary findings of the previously-disclosed investigation, the Company reported on May 11 that malware had been discovered on the point of sale (POS) system at fewer than 300 franchised North America Wendy’s restaurants,” Wendy’s stated. “An additional 50 franchise restaurants were also suspected of experiencing, or had been found to have, other cybersecurity issues.”
Wendy’s has described the breach as “extremely difficult to detect,” uploaded via a remote access tool to a second POS system that was not previously known to be infected.
The Company believes this series of cybersecurity attacks resulted from certain service providers’ remote access credentials being compromised, allowing access to the POS system in certain franchise restaurants serviced by those providers.
After detecting the malware, the Company has already disabled it in all franchise restaurants where it has been discovered, and continues to work aggressively with its experts and federal law enforcement to continue its investigation.