Arby’s Pwned By Malware…. Credit Card Info Swiped
Today is clearly the day for hacks. The latest company to disclose that they’ve been pwned by hackers is fast food chain Arby’s. Apparently hackers used malware to swipe credit card data according to security expert Brian Krebs:
A spokesperson for Atlanta, Ga.-based Arby’s said the company was first notified by industry partners in mid-January about a breach at some stores, but that it had not gone public about the incident at the request of the FBI.
“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems,” the company said in a written statement provided to KrebsOnSecurity.
“Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts, including Mandiant,” their statement continued. “While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”
Arby’s said the breach involved malware placed on payment systems inside Arby’s corporate stores, and that Arby’s franchised restaurant locations were not impacted.
I really don’t think anyone knows the difference between franchised and corporate locations and as a result customers will steer clear of both. But the use of malware to swipe credit card data isn’t new. Just ask Home Depot who got hit by this a while back. But these attacks are clearly on the rise and companies need to ensure that they are defending themselves against this threat.