Dairy Queen is dealing with a data breach similar to the one that hit Target stores last year, and several states may be impacted.
According to the Department of Homeland Security, the same type of malware found in Target stores may have been used to infiltrate the Dairy Queen restaurants. “Backoff” is used remotely to pick up on consumer payment data which is then, in turn, used for fraudulent purchases. KrebsOnSecurity says they have been inundated with calls from customers across several states–including Alabama, Indiana, Illinois, Kentucky, Ohio, Tennessee, and Texas–who say they’re seeing a lot of activity on their credit cards.
“We’re getting slammed today. We’re just getting all kinds of fraud cases coming in from members having counterfeit copies of their cards being used at dollar stores and grocery stores,” said a fraud manager.
A major roadblock in tracking down affected customers is the fact that a lot of Dairy Queen stores are franchises, owned and operated independently from the company, and as of now there is now mandate regarding reporting a potential breach in security.
“We would assist them if [any franchisees] reached out to us about a breach, but so far we have not heard from any of our franchisees,” said company spokesman Dean Peters.
Target had a massive battle on their hands when it was discovered last December that their security had been compromised right around the time of Black Friday, the busiest time of year for most retail stores. It’s estimated that 70 million customers were affected, but they weren’t the only ones who paid for the data breach.
“This will impact many Target business partners — Visa, MasterCard and the host of banks and credit agencies that now have to keep an eye on the 110 million customers now vulnerable to identity theft. It affects more than Target customers. It affects mortgage lenders and car sales. It affects the entire economic infrastructure,” said Hemu Nigam, founder of security firm SSP Blue.