On Thursday, Wendy’s President and CEO Todd Penegor put out a statement apologizing for the attacks and saying, “As we have reported over the past several months, unfortunately, some Wendy’s restaurants have been the victim of malicious cyber activity targeting customers’ payment card information”.
Advertisement
Corporate-owned stores have not been affected, according to the company.
Customers can see which locations were affected through the Wendy’s website.
Dublin, Ohio-based Wendy’s asks customers to check their accounts for any fraudulent purchases and is offering free one-year credit monitoring, as well as identity consultation and identity restoration services. No locations in the Allentown, Bethlehem or Easton areas are on the list.
Most regional restaurants were affected between January 13 and June 8, the company said on its website.
The hamburger chain said Thursday hackers were able to obtain card numbers, names, expiration dates and codes on the card, beginning in late fall. “We will continue to work diligently with our investigative team to apply what we have learned from these incidents and further strengthen our data security measures”. In May, Wendy’s said fewer than 300 stores had been hit by the cyber attack.
The company worked with third-party forensic experts, federal law enforcement and payment card industry contacts as part of its investigation, which found that specific payment card information was targeted by the additional malware variant.
Advertisement
Wendy’s encourages customers to review their bank and credit card statements and to monitor for fraud and identity theft. Investigators say the hackers may have been able to install the malware as a result of service providers’ remote access credentials being compromised.
