Stay away from our Blizzards. That was the message from Dairy Queen when the soft serve/fast food chain revealed Thursday it had discovered a malicious software intrusion that may have compromised customers' financial information.
International Dairy Queen Inc. confirmed to the Wall Street Journal that the data breach affected 395 of its more than 4,500 locations throughout the U.S. Hackers used “backoff” malware to track and record transactions in register machines. Cyberthieves used the same tactic, known as point-of-sale malware (POS malware), to get into Home Depot, Target and other retailers’ network systems in recent high-profile hacks.
Dairy Queen said hackers may have gained access to customer names, credit and debit card numbers, and cards' expiration dates. The store, taking inspiration from the previously hacked United Parcel Service and Jimmy John’s sandwich shop, released a complete list of the affected stores. Hacks were most common in Kentucky, Indiana and North Carolina, though the malware affected restaurants in 46 states.
Find the complete list by clicking this link, which points to Dairy Queen’s website.
“Based on our investigation, we are confident that this malware has been contained,” the store said in a statement. “We deeply regret any inconvenience this incident may cause.”
While Dairy Queen has come forward with details about the hack, there are likely other businesses impacted by the backoff malware strain that haven't yet. The U.S. Department of Homeland Security and the U.S. Secret Service released a security report in July warning that backoff was capable of “scraping memory for track data, logging keystrokes, command and control communication and injecting malicious stub into explorer.exe.”
Hackers using backoff have also broken into Neiman Marcus, P.F. Chang’s China Bistro, the Supervalu grocery chain, and more than 1,000 others, the Homeland Security Department said.