Potentially more than 355,000 Arby’s customer’s debit and credit cards could have been compromised in a data breach that occurred at hundreds of locations, the brand confirmed to KrebsonSecurity. The hackers used malware on the chain’s payment systems of corporate stores nationwide.
KrebsonSecurity reports that Arby’s learned of the breach in mid-January and took action, but was asked to wait to go public by the FBI.
The company said in a written statement to KrebsonSecurity that it enlisted “the expertise of leading security experts, including Mandiant,” and that “While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”
The brand added that franchised locations were not impacted. More than 1,000 of Arby’s 3,330-plus stores are corporate owned, but not all were affected, the company said. The breach is estimated to have occurred between October 25 and January 19.