[BreachExchange] Wendy's Update On Unusual Credit Card Activity

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jun 10 14:13:00 EDT 2016


http://finance.yahoo.com/news/wendys-unusual-credit-card-activity-211500646.html

The Wendy's Company (WEN) announced today that additional malicious cyber
activity has recently been discovered in some franchise-operated
restaurants. The Company has disabled the malware where it has been
detected.

This latest action is the result of the Company's continuing investigation
into unusual credit card activity at some Wendy's® restaurants. Reports
indicate that payment cards used legitimately at Wendy's may have been used
fraudulently elsewhere.

Based on the preliminary findings of the previously-disclosed
investigation, the Company reported on May 11 that malware had been
discovered on the point of sale (POS) system at fewer than 300 franchised
North America Wendy's restaurants. An additional 50 franchise restaurants
were also suspected of experiencing, or had been found to have, other
cybersecurity issues. As a result of these issues, the Company directed its
investigator to continue to investigate.

In this continued investigation, the Company has recently discovered a
variant of the malware, similar in nature to the original, but different in
its execution. The attackers used a remote access tool to target a POS
system that, as of the May 11th announcement, the Company believed had not
been affected. This malware has been discovered on some franchise
restaurants' POS systems, and the number of franchise restaurants impacted
by these cybersecurity attacks is now expected to be considerably higher
than the 300 restaurants already implicated. To date, there has been no
indication in the ongoing investigation that any Company-operated
restaurants were impacted by this activity.

Many franchisees and operators throughout the retail and restaurant
industries contract with third-party service providers to maintain and
support their POS systems. The Company believes this series of
cybersecurity attacks resulted from certain service providers' remote
access credentials being compromised, allowing access to the POS system in
certain franchise restaurants serviced by those providers.

The malware used by attackers is highly sophisticated in nature and
extremely difficult to detect. Upon detecting the new variant of malware in
recent days, the Company has already disabled it in all franchise
restaurants where it has been discovered, and the Company continues to work
aggressively with its experts and federal law enforcement to continue its
investigation.