Last Thursday, Dairy Queen officially confirmed the security breach that was initially suspected in August.
The company reported that Backoff malware was installed on point of sale systems at 395 stores across the country. Dairy Queen was notified about the breach in late August by both law enforcement and independent security analyst, Brian Krebs, and has been investigating the matter ever since.
In a statement to the public on Thursday, Dairy Queen said that "based on our investigation, we are confident that this malware has been contained."
The personal customer information stolen includes credit card numbers and expiration dates as well as customer names. However, the company does not believe that any social security numbers, email addresses or telephone numbers were stolen in the attack. Dairy Queen customers should closely monitor their bank accounts for any signs of unusual activity in the coming weeks.
The third-party vendor that was attacked by the Backoff malware is reported to be Panasonic Retail Information Systems. The company released a statement in solidarity with Dairy Queen, but did not officially confirm any special knowledge of the breach or that their systems were affected in any way.
The Dairy Queen breach follows in the pattern of several recent franchise cyber-crimes that included infiltrating insecure point of sale systems. These include the breaches at Jimmy John's, Goodwill and UPS.
Security breaches are all too common these days and can have disastrous effects on your company. Upgrade to card processing software you can trust to keep your information secure, and urge employees to use long and complex passwords. The best defenses against breaches include both cutting-edge software and adequate employee security education.