Oct 10 Ice cream and fast-food restaurant chain
Dairy Queen has confirmed a security breach that may have
compromised the payment card information of customers at several
hundred locations across 46 U.S. states.
Computers at Dairy Queen locations, and one Orange Julius
smoothie stores, were infected by the malicious software,
Backoff, which has been targeting retailers since it first
surfaced a year ago, International Dairy Queen said late on
Thursday.
The Edina, Minnesota-based company is a subsidiary of
Berkshire Hathaway Inc.
"We are committed to working with and supporting our
affected DQ and Orange Julius franchise owners to address this
incident," John Gainor, chief executive of International Dairy
Queen, said in a statement.
The malware infected computers at 395 of its more than 4,500
U.S. locations, exposing the names, numbers and expiration dates
of customer payment cards, the statement said. There is no
indication that other personal information, including card PINs,
social security numbers or email addresses were stolen, it said.
International Dairy Queen said it is offering free identity
repair services for one year to customers in the United States
who made purchases at any of the effected restaurants.
Stores in four states, Rhode Island, Vermont, Hawaii and
Louisiana, did not appear to be impacted by the breach, the
company said.
The U.S. government has released reports on several types of
malicious software that cyber criminals have used to steal
payment cards in the wake of last year's breach on Target Corp,
which resulted in the theft of some 40 million card numbers.
Backoff, first identified in October 2013, is capable of
scraping computer memory for track data and logging keystrokes,
the U.S. Department Of Homeland Security warned retailers in
July.
