Dairy Queen: Another 'Backoff' Victim?Chain Investigating Possible Compromise at Its Stores
Dairy Queen says it was recently notified by federal authorities that a limited number of its stores may have been hit by the 'Backoff' malware.
See Also: The Power and Scale of XDR
Dairy Queen has more than 6,000 restaurants in the U.S., Canada and 18 other countries.
The news comes in the aftermath of an Aug. 22 Department of Homeland Security advisory, which warned that more than 1,000 U.S. businesses have had their systems infected by Backoff, a new point-of-sale malware that has been linked to numerous remote-access attacks.
"We, like many other companies, were recently notified that customer data at a limited number of stores may be at risk, due to the widespread proliferation of the 'Backoff' malware," says Dean Peters, associate vice president of communications at Dairy Queen.
Dairy Queen says it's been cooperating with authorities in investigating the possible malware attack. The chain is also communicating with potentially affected franchised locations, credit card processors and credit card companies to gather relevant information.
"We continue to communicate with our franchisees and service providers regarding steps necessary to protect customer data and minimize any impact to our customers," Peters says.
An executive at one card issuing bank in the Southeast, who asked not to be named, tells Information Security Media Group that the bank has seen card fraud apparently tied to Dairy Queen transactions in recent weeks.
Security blogger Brian Krebs was the first to report on a possible breach at the restaurant chain.
Breaches Linked to POS Malware
Mizado Cocina, a New Orleans restaurant, announced Aug. 19 that it was targeted by Backoff, which appears to have compromised credit and debit transactions conducted between May 9 and July 18 (see: New Breaches Tied to Evasive Malware).
Earlier, UPS Stores reported it suffered a malware attack that compromised some 105,000 point-of-sale transactions at 51 stores. UPS has declined to comment about whether the malware it found on its POS systems was, indeed, Backoff, noting that its investigation into the breach is ongoing.
But in an Aug. 21 statement, the company says it began auditing all POS systems at UPS Stores after receiving the July 31 DHS alert about the rise in POS malware attacks, including several linked to Backoff.