dairy queen confirms malware intrusion at some u.s. locations

Dairy Queen ^ | 10-9-14 | Dean A. Peters

[TurboZamboni]

EDINA, MINN. — International Dairy Queen, Inc. today confirmed that the systems of some DQ® locations and one Orange Julius® location in the U.S. had been infected with the widely-reported Backoff malware that is targeting retailers across the country. The company previously indicated that it was investigating a possible malware intrusion that may have affected some payment cards used at certain DQ locations in the U.S. Upon learning of the issue, the company conducted an extensive investigation and retained external forensic experts to help determine the facts. Because nearly all DQ and Orange Julius locations are independently owned and operated, the company worked closely with affected franchise owners, as well as law enforcement authorities and the payment card brands, to assess the nature and scope of the issue. The investigation revealed that a third-party vendor’s compromised account credentials were used to access systems at some locations.

The investigation has established the following: •The Backoff malware only impacted payment card data at 395 of the more than 4,500 U.S. locations. •The time periods during which the Backoff malware was present on the relevant systems vary by location. A list of impacted locations, as well as the relevant time periods, is available at www.dq.com/datasecurityincident/. •The affected systems contained payment card customer names, numbers and expiration dates. The company has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, was compromised as a result of this malware infection. •Based on our investigation, we are confident that this malware has been contained.

[TurboZamboni]

Happened in late August, which means that it's taken DQ just over a month to tell its customers that their cards might have been hijacked.

locations affected:

http://www.dq.com/us-en/datasecurityincident/affected-stores/?localechange=1&

Since this seems to be a weekly occurance, maybe that whole "cashless" society our overlords seem to want for us is being undermined .

[no-to-illegals]

my opinion ... has to be on the card and is transferred when swiped.

[Repeal The 17th]

It must have come upon then like a blizzard.

[johniegrad]

Who uses a “payment card” at a Dairy Queen?

[Wyrd bið ful aræd]

People should put a freeze on their accounts.

[nascarnation]

I can’t say I’ve ever used a credit/debit card at a fast food, but it’s pretty common these days. I see it all the time.

[TurboZamboni]

gives me a mister misty headache...

[no-to-illegals]

My best guess ... not only is the malware that is being transferred into the systems coming from the cards being swiped, they have been manufacturing the cards (bogus) and implanting the malware via cards. Some cards are probably being utilized for probes and testing and to keep investigators chasing around in circles. The hits on the banks are probably coming from either outside at the ATMs or hacks outside the country though I do not discount ATMs. The malware can be sophisticated or benign depending on the expertise of those manufacturing the cards. My best guess.

[ImJustAnotherOkie]

bought an ice cream cone for cash...Yes!!! got away again...!

[boop]

"Who uses a “payment card” at a Dairy Queen?"

The same people who purchase "quality" items at K-Mart.

[Wordkraft]

And no obvious harm has been noted.