Fast food restaurant Dairy Queen has confirmed that systems in some of their locations have been infected with malware that puts at risk credit and debit card data of customers of the retail chain.The company has been alerted by the US Secret Service that its systems were affected by a piece of PoS malware also found in hundreds of other retail intrusions.
This suggests that Backoff PoS malware is at fault, since this is the threat that has been announced in an advisory from the Department of Homeland Security (DHS) to impact more than 1,000 businesses in recent attacks.
The company said in a statement to the Business Journal that “customer data at a limited number of stores may be at risk” and that the affected franchised locations had been notified along with the credit card processors and credit card companies in order to collect relevant information about the incident.
At the moment, there is no information about the number of stores impacted, or the number of customers whose data has been exposed.
The intrusion disclosure follows a report earlier this week from security blogger Brian Krebs, who learned from several financial institutions that fraud on cards used at half a dozen Dairy Queen (DQ) locations had been detected.
Krebs contacted company representative Dean Peters to ask for details, but was informed that no card fraud reports had been received at individual DQ stores, stressing “that nearly all of Dairy Queen stores were independently owned and operated.”
Furthermore, even if a breach or any other problem was detected, Peters said that the franchisees are not required to notify the company.