- The Washington Times - Saturday, February 11, 2017

Hacked cash registers silently siphoned the credit card numbers of potentially hundreds of thousands of Arby’s customers before the fast-food chain was alerted last month, the company acknowledged this week.

Arby’s addressed the incident in a statement Thursday after cybersecurity reporter Brian Krebs contacted the company about a rumored data breach.

“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems,” the company said.

“Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts,” its statement continued. “While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”

Arby’s did not immediately disclose the number of locations or cardholders affected, but said the malware only affected machines at corporate-owned restaurants.

“Although there are over 1,000 corporate Arby’s restaurants, not all of the corporate restaurants were affected,” Christopher Fuller, Arby’s senior vice president of communications, told Mr. Krebs. “But this is the most important point: That we have fully contained and eradicated the malware that was on our point-of-sale systems.”

Mr. Krebs correlated the Arby’s breach with a non-public alert issued by a credit monitoring service recently regarding an unnamed retailer. The service, PSCU, said that a data breach had compromised more than 355,000 credit and debit cards, but identified the victim company only as “a large fast food restaurant chain, yet to be announced to the public.”

The notice said that affected cards had become compromised between October 25, 2016 and January 19, 2017, indicating the malware went unnoticed for nearly three months before being discovered. Arby’s acknowledged in a statement this week that it was notified in mid-January about the breach by industry partners, but said it had remained silent in the weeks since at the FBI’s request.

Arby’s said customers should monitor their financial statements for any unauthorized charges and report them immediately to their bank.

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2021 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.


Click to Read More and View Comments

Click to Hide