Hundreds of thousands of customers’ credit and debit card information may have been stolen after it was discovered that malware had been installed on payment systems and cash registers at hundreds of Arby’s restaurants in the U.S.
Arby’s was not made aware of the security breach until mid-January. At the request of the FBI the company did not go public about the incident, which could involve over 355,000 different credit and debit cards.
With over 3,330 restaurants in the United States, the breach may have affected hundreds of the chain’s locations but no franchises were affected, according to Krebs on Security. Approximately one –third of Arby’s stores are corporate-owned.
Arby's is working with law enforcement and computer security companies to investigate and the malware has since been removed from affected systems. “Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts, including Mandiant,” an Arby's spokesman said in a statement provided to Krebs on Security.