Newsroom

In light of a possible data breach at the fast-food chain Wendy's, NAFCU Vice President of Legislative Affairs Brad Thaler on Wednesday urged House and Senate leaders again to support national data security standards for merchants.

"Americans' sensitive financial and personally identifiable information will only be as safe as the weakest link in the security chain," Thaler wrote in a letter to House and Senate leaders. Thaler pointed out that financial institutions are already subject to data security standards under the Gramm-Leach-Bliley Act, but merchants are not.

Wendy's has some 6,500 restaurants worldwide. It is investigating claims of a possible data breach at some of its locations that likely occurred late last year, though the details are still unknown, KrebsOnSecurity reported Wednesday.

Bob Bertini, spokesman for Wendy's, told Krebs the company started receiving reports earlier this month from its payment industry contacts about a potential breach and that Wendy's has a security firm looking into the claims.

"Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants," Bertini told Krebs. "We've hired a cybersecurity firm and launched a comprehensive and active investigation that's underway to try to determine the facts."

Bertini said it is still unknown whether the incident is contained, how long it lasted and how many stores or what information may be affected.

In his letter Wednesday, Thaler urged Senate Majority Leader Mitch McConnell, R-Ky., Senate Minority Leader Harry Reid, D-Nev., House Speaker Paul Ryan, R-Wis., and House Democratic Leader Nancy Pelosi, D-Calif., to support the "Data Security Act" (H.R. 2205/S.961).