Wendy's says payment card info accessed in malware attack

Criminals stole credit card info -- including names and numbers -- in a malware attack revealed earlier this year at more than 300 franchise locations in the US.

Jacob Krol CNET Intern

Jacob Krol is an editorial intern for CNET. He has a big love for all things tech, and is a huge Springsteen fan and also a native New Jerseyan. Jacob is currently a rising junior at Muhlenberg College in Allentown, PA.

See full bio

Jacob Krol

July 7, 2016 8:32 a.m. PT

Scott Olson/Getty Images

Wendy's is serving up more details about a malware attack on its point-of-sale systems.

The burger chain said Thursday that malware on point-of-sales systems at more than 300 franchise locations targeted payment card information including "cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code." The malware led to unusual credit card activity beginning in autumn 2015.

Wendy's said it "quickly identified and disabled" the malware and investigated the incident with third-party experts, federal law enforcement and the payment card industry.

"We have conducted a rigorous investigation to understand what has occurred and apply those learnings to further strengthen our data security measures," said Todd Penegor, Wendy's president and CEO, in a release Thursday. The company believes criminals gained remote access to the point-of-sale terminals after service providers' credentials were compromised.

For customers potentially affected, a page on the Wendy's website provides data security FAQs and phone and email contact information for further questions. The company is also offering a year of free "fraud consultation and identity restoration" to customers who used a payment card at a potentially affected restaurant.