Wendy’s breach – Fraud.org


Wendy’s, the Ohio-based fast-food chain, announced a point-of-sale terminal breach in late January 2016. In July 2016, the company announced that the breach was significantly larger than previously disclosed.

Announced: January 2016 (updated July 2016)

Description of breach: From December 2015 – June 2016, at least 1,025 Wendy’s restaurants had their point-of-sale systems affected by a data breach. Wendy’s has reported that customers who paid with their credit or debit card at an affected location may have had their their cardholder name, credit or debit card number, expiration date, cardholder verification value (CVV), and service codes of a customer’s payment compromised.

Consumers who visited a Wendy’s location during this breach period, are encouraged to determine if they were affected by the breach by searching the list of affected restaurants found here.

Consumers who purchased any items from a compromised Wendy’s during the breach time period, are being urged to closely monitor their credit, and take advantage of their offer to pay for one year of free credit monitoring services by calling them at (866) 779-0485.

Data breach period: December 2015 – June 2016

Affected customers: Unknown. 1,025 locations were affected.

Official information from Wendy’s: An FAQ is available here.

Contact Wendy’s: Customers may call a toll-free number (888-846-9467) or email PaymentCardUpdate@wendys.com with specific questions.

More coverage of this breach: KrebsOnSecurityJuly update from KrebsOnSecurity