Dairy Queen hit by card data stealing malware

Dairy Queen has become the latest company to be hit by payment card stealing malware, reports the Wall Street Journal. The breach is said to have affected 395 of its 4,500 American locations.

The company said in a statement aimed at both Dairy Queen and Orange Julius customers (which it also owns) that “based on our investigation, we are confident that this malware has been contained.”

Network World reports that while “the stolen information comprised customer names, payment card numbers and card expiration dates”, no customer information – such as “Social Security numbers, PINs or email addresses” were stolen.

Bloomberg reports that the ice cream chain, owned by Warren Buffet’s Berskshire Hathaway group, was affected by the infamous ‘Backoff’ malware which has been reported to target more than 1,000 businesses, according the US Secret Service, as we reported back in August. As ESET malware researcher Lysa Myers said at the time: “malware attacks on Point of Sale (PoS) systems are coming thick and fast right now.” You can read Myers’ detailed guide for businesses concerned that they may be a target here.

Veteran security reporter Brian Krebs said on his Krebs on Security website back in August that Dairy Queen was made aware of the possible breach on August 28: “A spokesman for Dairy Queen has confirmed that the company recently heard from the U.S. Secret Service about ‘suspicious activity’ related to a strain of card-stealing malware found in hundreds of other retail intrusions. Dairy Queen says it is still investigating and working with authorities, and does not yet know how many stores may be impacted.”

Readers can find a full list of the hacked stores – which are spread across 46 states – and the time-frames over which they were attacked on the Dairy Queen website.

Settawat Udom / Shutterstock.com

Author , ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.