The Wendy’s Breach News Continues Getting Worse: Payment Card Data Involved

July 11, 2016         By: Steven Anderson

I love Wendy’s food. My Tuesday night dinner of choice is a large double with a Sprite, and for the most part, it works out well.

The food is good, not too pricey, and the drive-thru window proceeds at a good clip.

Recently, however, it’s been struggling under the impact of a recent system breach, and some new details that came out will put some users off their french fries.

The newest word from Reuters says that Wendy’s put out more details, and the details don’t reveal a happy picture.

Original estimates suggested a “few hundred” locations were at risk, but that’s not the case, as the newest word projects 1,025 locations as vulnerable.

Wendy’s further confirmed the data seized, which included “cardholder name, credit card number, debit card number, expiration date, cardholder verification value, and service code.”

Only franchisees were actually targeted, reports note; the 582 restaurants owned by the company proper were unaffected by the breach, and for those wondering whether or not their restaurant of choice was hit by the breach, Wendy’s actually set up a page allowing users to search “potentially affected locations” by country, state and city.

My Wendy’s wasn’t actually listed, and—as the site notes—those who can’t find their Wendy’s in the roster can rest easier, as “…it is has not been identified as affected by our forensic investigation.”

That extra “is” is a direct quote, which is strange, leaving a grammatical error in a major customer-facing page like that.

At any rate, this is a further and ongoing black eye to Wendy’s, and a reminder to all quick-serve restaurants (QSRs) out there to step up security.

Remember, it’s not just about keeping unauthorized users out. Perimeter defenses alone won’t do the job; encryption is a necessary part of computer security that’s often overlooked, but can be a huge help.

It’s not much help in keeping users out, but it’s a big help in making the produce of said users’ theft worthless.

The combination of perimeter defenses and encryption will go a long way toward making systems safer.

Wendy’s may not be able to quickly recover from this hit, but it likely will recover at some point.

That’s good news for Wendy’s, though it’s going to need to pull out a real recovery if it expects to get anywhere down the line.