On October 9, 2014, Dairy Queen acknowledged that almost 400 Dairy Queen locations and one Orange Julius location had been infected with the Backoff malware, providing attackers with access to an undisclosed number of customer names, payment card numbers and expiration dates.
Investigative reporter Brian Krebs first broke the news of the breach in August 2014, but at the time, Dairy Queen would only admit that it was investigating a possible breach and that “customer data at a limited number of stores may be at risk.”
The company now says an “extensive investigation” with the help of external forensic experts has determined that “a third-party vendor’s compromised account credentials were used to access systems” at the affected stores.
Although Dairy Queen hasn’t named the third-party vendor involved, Krebs reports that the vendor was point-of-sale solutions provider Panasonic Retail Information Systems.
“To the best of our knowledge, these types of malware breaches are generally associated with network security vulnerabilities and are not related to the point-of-sale hardware we provide,” Panasonic told Krebs. “Panasonic stands ready to provide whatever assistance we can to our customers in resolving the issue.”
A list of all affected locations, along with the length of time each location was affected, is available here. While the time periods vary widely, systems at affected stores were infected for as long as seven weeks.
“Based on our investigation, we are confident that this malware has been contained,” Dairy Queen said in a statement.
Two other recent retail breaches followed the same pattern — Goodwill Industries acknowledged last month that customer payment card data was exposed at 330 Goodwill stores in 20 states when the systems of third-party point-of-sale provider C&K Systems were infected with malware.
And sandwich chain Jimmy John’s admitted in late September 2014 that customer payment card data was stolen from 216 of its stores when the systems of point-of-sale vendor Signature Systems were infected with malware. Signature Systems reported that 108 independent restaurants were also affected.
Read the Full Article: Source – Extreme Tech
http://www.esecurityplanet.com/network-security/dairy-queen-acknowledges-major-credit-card-breach.html
Leave a Reply
You must be logged in to post a comment.