Dairy Queen stores hit by ‘Backoff’ malware, payment card data stolenOctober 10, 2014 – 5:32 AM
Dairy Queen said Thursday the “Backoff” point-of-sale malware infected systems at 395 of its stores, stealing payment card data.
The company, which has 4,500 independently owned franchises in the U.S., said in a statement it believes the “malware has been contained.” Most of the stores, including one Orange Julius location, were affected for between three weeks to a month starting in early August, according to a list.
“We deeply regret any inconvenience this incident may cause,” wrote CEO and President John Gainor.
The company is the latest one to disclose a data breach due to malicious software. Home Depot and Target disclosed large data breaches that compromised card data. Other companies affected were Neiman Marcus, Michaels, P.F. Chang’s China Bistro and Sally Beauty.
Dairy Queen said its investigation showed that a third-party vendor’s account credentials were used to access the systems at the affected locations. The same style of attack method yielded access to Target’s systems. The vendor was not identified.
The stolen information comprised customer names, payment card numbers and card expiration dates. No customer information, such as Social Security numbers, PINs or email addresses were stolen, it said.