Newsroom

February 11, 2016

Wendy's says POS malware found; Kohl's also hacked

A statement from the fast food chain Wendy's, which has been investigating a suspected breach affecting customers' credit cards, says point-of-sale malware has been found at "some" of its locations.

Wendy's said in a statement this week: "Out of the locations investigated to date, some have been found by the cybersecurity experts to have malware on their systems. The investigation is ongoing and the company is continuing to work closely with cybersecurity experts and law enforcement officials."

The investigation follows the January discovery that a data breach late last year at some Wendy's locations was likely at the root of fraudulent charges on payment cards used there. Wendy's has some 6,500 restaurants worldwide, but it has not said how many locations were affected.

NAFCU responded to the news of a breach by urging House and Senate leaders again to support national data security standards for merchants. In particular, NAFCU has continued to push for lawmakers to support the "Data Security Act" (H.R. 2205/S.961).

In related news, a man from Orlando, Fla., has filed suit against Wendy's after finding a fraudulent charge on his credit card of $577 following the alleged exposure of his data through a Wendy's purchase. The man's lawyer said the size of a potential class action or the amount of damages suffered will not be clear until more information is provided by Wendy's as to the extent of the breach.

KrebsOnSecurity initially reported on the suspected Wendy's breach in January. Yesterday, it also reported that Kohl's has been hit by scammers using hacked accounts to order expensive products and use the "Kohl's cash" at Kohl's locations. The products are shipped to the victims' homes and the hackers instead benefit by redeeming the "cash" rewards for items they will either resell or return for gift cards.

Kohl's currently offers $10 for every $50 spent at the store. Kohl's said it is aware of "a limited number of cases" and encouraged customers to change passwords frequently.