Arby’s Hit with Data Breach, Credit Card Data Lost
While Arby’s has suffered from a bit of an image problem in the past—when even “The Simpsons” is mocking you, you know there are problems afoot—it’s improved of late and delivers an impressive profile of meat-laden value for its customers to enjoy.
However, those image problems of the past may come back to haunt Arby’s as a new data breach recently came to light that hit back in January.
The report was first spilled by Brian Krebs, a well-known figure in cybersecurity, which was subsequently confirmed by Arby’s proper.
The source of the breach seems to be mostly at the corporate level, as the breach hit just one franchise location. It also, however, hit almost 1,000 corporately-owned locations, meaning that the breach is fairly substantial.
Even Krebs got the word from somewhere, as the first notice came out from PSCU, a credit union service organization (CUSO) that sent out a non-public alert on the topic.
Arby’s noted that the breach was ultimately traced back to a malware infection on its point-of-sale system, which prompted Arby’s to notify law enforcement rapidly. Arby’s is cooperating actively in all investigations, and is working with a slate of cybersecurity firms in a bid to try and find those responsible as well as patch up the holes involved.
It’s one of the oldest problems of any mobile payment system, and we see here that security is not only vital for protecting users against data breaches but also for protecting users after a breach. Breaches are inevitable.
It’s really only a matter of time until any user is caught up in one; not one of us is immune. The response Arby’s has shown so far is about as good as anyone could ask for; the only question is what it will do when the fallout from the breach is revealed.
If the company aggressively offers credit protection measures, that will be about as good as it could be.
Mobile payment security is more than just protection against breaches; it’s protection after the fact too. Arby’s has a real opportunity to keep—and win—customers and step up to the plate here; the only question is, where will it go in this new post-breach environment?