Bad news for fast food fans who’ve recently eaten at Arby’s: As Good Housekeeping reports, the chain recently confirmed that a malware attack on its payment card system targeted hundreds of restaurant locations across the country, and may have compromised more than 355,000 credit and debit cards. Arby’s first caught wind of the breach last month and reported it to authorities, but they didn’t go public until now, per the FBI’s instructions.
The malware allowed for attackers to remotely steal data from cards swiped at cash registers, security journalist Brian Krebs reports on his blog, KrebsOnSecurity. In these types of situations, the thieves typically sell the information to other criminals, who encode the data onto cards with a magnetic strip and use them to make expensive purchases.
Credit union service group PSCU was the first party to learn—and share—the news, informing member banks that a breach at a fast food restaurant chain had compromised hundreds of thousands of accounts. They estimate that the breach occurred between October 25, 2016, and January 19, 2017. It’s unclear whether non-credit-union-issued credit and debit cards were also affected, meaning we may hear reports of more compromised accounts in the future, USA Today points out.
Arby’s hasn’t announced which restaurants were hit, but we do know that only corporate restaurants were affected—meaning if you dined at a franchise, you're probably OK. (Around one-third of Arby’s stores are corporate-owned, and not all of them were impacted by the breach.) Still, if you visited any Arby's location, take a moment to double check your account statements to see if anything’s amiss. If you notice anything fishy, let your bank know.
[h/t Good Housekeeping]