In June, reports revealed that the hacking attack suffered by Wendy's was worse than initially thought, as investigations found another piece of malware in the fast food chain's point-of-sale systems.
The new malware was found in POS systems, which were thought to have been unaffected by the attack. With its discovery, it was expected that the number of compromised Wendy's restaurant locations would increase to much higher than the 300 locations previously reported.
An update to the investigations on the hacking attack claimed that at least 1,025 Wendy's outlets were now affected, and that in addition to compromised credit cards being charged with fraudulent transactions, credit card and debit card information was also stolen.
There was no speculation on how many people had their credit card and debit card information. However, Wendy's did say that all the affected stores are located in the United States.
Wendy's has over 5,100 franchised outlets in the country, along with 582 company-owned restaurants. The company-owned locations were not affected by the security breach.
In a statement to address the issue, Wendy's CEO and President Todd Penegor wrote that the company sincerely apologizes for any inconveniences caused by the cyberattacks, while also offering more information to customers regarding the incident.
The statement contained an FAQ section on all the details that customers may ask regarding the incident, including Wendy's efforts in the investigation, how they would know if they were affected by the hacking attack and what services Wendy's is offering to assist those whose credit card and debit card information were compromised.
Wendy's has released a system on its website that will allow users to check if they were possibly victimized by the security breach. Users can input the city and state of Wendy's stores they have visited in the U.S., then the system will show the locations in the areas affectd and the timeframe on which the cyberattack occurred in that particular outlet.
For customers who used their credit card or debit card in the affected restaurants during the timeframe when the hack was active, Wendy's has offered a free one-year service for fraud consultation and identity restoration.
The Wendy's hacking debacle, according to NSFOCUS chief research intelligence analyst Stephen Gates, shows the need for businesses to step up their security measures in detecting and preventing such cybercrimes.
According to Wendy's spokesman Bob Bertini, the attackers were very careful in covering their tracks, making the security breach very difficult to detect. However, once the malware was found, it was disabled within a week.