Menu
Dairy Queen stores hit by 'Backoff' malware, payment card data stolen

Dairy Queen stores hit by 'Backoff' malware, payment card data stolen

The systems were accessed using account credentials from a third-party vendor, Dairy Queen said

Dairy Queen said Thursday the "Backoff" point-of-sale malware infected systems at 395 of its stores, stealing payment card data.

The company, which has 4,500 independently owned franchises in the U.S., said in a statement it believes the "malware has been contained." Most of the stores, including one Orange Julius location, were affected for between three weeks to a month starting in early August, according to a list.

"We deeply regret any inconvenience this incident may cause," wrote CEO and President John Gainor.

The company is the latest one to disclose a data breach due to malicious software. Home Depot and Target disclosed large data breaches that compromised card data. Other companies affected were Neiman Marcus, Michaels, P.F. Chang's China Bistro and Sally Beauty.

Dairy Queen said its investigation showed that a third-party vendor's account credentials were used to access the systems at the affected locations. The same style of attack method yielded access to Target's systems. The vendor was not identified.

The stolen information comprised customer names, payment card numbers and card expiration dates. No customer information, such as Social Security numbers, PINs or email addresses were stolen, it said.

The U.S. Department of Homeland Security and Secret Service warned in August that upwards of 1,000 businesses may be infected by malware such as Backoff on their point-of-sale devices.

Backoff, which first appeared around October 2013, collects payment card data from a computer's RAM where it briefly sits unencrypted after a card is swiped.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitymalwaredata breachDairy Queen

Featured

Slideshows

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro kickstarted Showcase 2018 in Christchurch, hosting more than 40 vendors at Horncastle Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro launches Showcase 2018 in Christchurch
Data breach notification laws in NZ: How can partners prepare?

Data breach notification laws in NZ: How can partners prepare?

This exclusive Reseller News Roundtable outlined the responsibilities facing security partners today, assessing risk while evaluating the role of the vendor in providing added layers of protection.

Data breach notification laws in NZ: How can partners prepare?
Show Comments