Dairy Queen has confirmed that the fast food restaurant chain may be the latest victim of the recently discovered “Backoff” malware targeting more than 1,000 businesses and their point-of-sale payment systems.
According to reporter Brian Krebs, the retailer was alerted by the United States Secret Service of “suspicious activity” related to the malware attack.
Dairy Queen is continuing to investigate further while working with authorities to discover how many stores may have been affected and for how long.
Days before Dairy Queen announced the incident, Krebs had originally reported that anonymous sources from multiple financial institutions had been seeing a pattern of fraud on cards recently used at various Dairy Queen location across several states.
“There are also indications that these same cards are being sold in the cybercrime underground,” said Krebs.
The restaurant chain has responded by assuring it is continuing to work closely with authorities, affected franchised locations, credit card processors and credit card companies to gather relevant information.
“We are continuing to communicate with our franchisees and service providers regarding steps necessary to protect customer data and minimize any impact to our customers,” said Dairy Queen in a statement.
Other U.S. retailers recently breached by the malicious malware include The UPS Store – confirmed on August 21 – and supermarket chain Supervalu – confirmed on August 14.
“One continuing theme we are seeing is the inability to detect and respond to these events,” said Tripwire security researcher Ken Westin. “When the Secret Service or fraud analysts are involved, it’s an indicator that the network has been compromised and stolen data has already found its way into underground carding forums.”
Westin added that many retailers are not able to determine the scope of the breach without the right tools or the data to identify anomalies and other key indicators of a network intrusion.
The Department of Homeland Security issued an advisory late last week reporting seven other companies had learned of multiple customers affected by the “Backoff” attack, but the majority of businesses have yet to report or realize they have been affected.
Read More Here…