Arby’s Restaurant Group has acknowledged a payment card breach at its corporate-owned restaurants in the US and said it did not immediately go public with the information at the behest of the FBI, says KrebsOnSecurity. An alert by credit union body PSCU to member banks says the incident occurred between October 25, 2016, and January 19, 2017, and compromised more than 355,000 credit and debit cards.
The sandwich chain has more than 3,300 stores in the US, of which one-third are corporate-owned. Not all corporate outlets were affected by the breach. Franchises, which make up the remaining two-thirds of the count, were unaffected. Arby's says that once alerted, it took immediate steps to fully eradicate the malware on point-of-sale systems. The investigation is ongoing.
KrebsOnSecurity says the Arby's attack has brought back painful memories of last year's Wendy's breach, which caused banks and credit unions to re-issue payment cards multiple times as the malware could not be fully removed and customers were repeatedly compromised.
Read full story here.