Dublin / OH. (twc) The Wendy’s Company announced that additional malicious cyber activity has recently been discovered in some franchise-operated restaurants. The Company has disabled the malware where it has been detected. This latest action is the result of the Company’s continuing investigation into unusual credit card activity at some Wendy’s® restaurants. Reports indicate that payment cards used legitimately at Wendy’s may have been used fraudulently elsewhere.
Based on the preliminary findings of the previously-disclosed investigation, the Company reported on May 11 that malware had been discovered on the point of sale (POS) system at fewer than 300 franchised North America Wendy’s restaurants. An additional 50 franchise restaurants were also suspected of experiencing, or had been found to have, other cybersecurity issues. As a result of these issues, the Company directed its investigator to continue to investigate.
In this continued investigation, the Company has recently discovered a variant of the malware, similar in nature to the original, but different in its execution. The attackers used a remote access tool to target a POS system that, as of the May 11th announcement, the Company believed had not been affected. This malware has been discovered on some franchise restaurants’ POS systems, and the number of franchise restaurants impacted by these cybersecurity attacks is now expected to be considerably higher than the 300 restaurants already implicated. To date, there has been no indication in the ongoing investigation that any Company-operated restaurants were impacted by this activity.
Many franchisees and operators throughout the retail and restaurant industries contract with third-party service providers to maintain and support their POS systems. The Company believes this series of cybersecurity attacks resulted from certain service providers’ remote access credentials being compromised, allowing access to the POS system in certain franchise restaurants serviced by those providers.
The malware used by attackers is highly sophisticated in nature and extremely difficult to detect. Upon detecting the new variant of malware in recent days, the Company has already disabled it in all franchise restaurants where it has been discovered, and the Company continues to work aggressively with its experts and federal law enforcement to continue its investigation.
OTHER TOPICS FROM THIS SECTION FOR YOU:
- Cloetta AB: announces Q2-2024 interim report
- Axfood AB: Reports Q2-2024 Financial Results
- Chef Robotics: Launches AI-Powered Food Robot
- Conagra Brands: Reports Fourth Quarter 2024 Results
- Limerston Capital sells Village Bakery to Groupe Menissez
- GrubMarket: Buys Major Foodservice Company in Texas
- Lantmännen acquires Entrack AB
- DPC Dash: Concludes H1-2024 with Sustained Expansion
- Norway: Orkla Food Ingredients acquires FDE
- Fondo Italiano d’Investimento co-invests in Casa della Piada
- Greggs: invests in a new frozen manufacturing and logistics site
- Bundeskartellamt imposes fine against «Fritz!» manufacturer AVM
- Yum China: Celebrates Opening of its 200th KCoffee Store
- Beijing intends to roll out 5’400 food production robots
- K-Citymarket: sees significant sales growth in Finland
- DPC Dash: reaches 900-store milestone in China
- Coffee Holding: Terminates Merger with Delta Corp Holdings
- Perkins Restaurant + Bakery: introduces new brand identity
- Engelmans Bakery: acquires St. Armands Baking Company
- National DCP: Breaks Ground on New Distribution Center