The credit card breach at Wendy’s is likely to be way beyond the officially reported figure of “fewer than 300,” says KrebsOnSecurity, citing fraud and banking community sources. The fast food chain has confirmed it could be “significantly higher,” but declined to say whether the attack has been contained, indicating the intrusion may still be on.
The company had announced in May that 5% of its 5,800 stores were affected by the breach, but recently revised that figure, saying the breach happened in two parts. The first part involved malware at point-of-sale devices and the second part, it elaborates, was discovered later and involved a different strain or mutation of the original malware which targeted a separate point-of-sale system.
KrebsOnSecurity believes that, like Wendy’s, in most breaches involving hospitality, hackers remotely access payment data by exploiting remote management software for point-of-sale devices. Because of this, says Krebs, many retailers are now opting for card readers that are more secure.
Read the full story at KrebsOnSecurity.