The nationwide fast-food chain Wendy’s is reportedly investigating claims of a potential credit card breach at some of its restaurant locations. According to independent security journalist Brian Krebs, multiple sources in the banking industry found a pattern of fraud on payment cards that had all been recently used at various Wendy’s locations. The restaurant chain acknowledged the claims after Krebs questioned the company in regards to the suspicious fraud pattern. Wendy’s spokesperson Bob Bertini said the company began receiving reports earlier this month from its payment industry contacts about a possible data breach. He added that a security firm has been hired to investigate further. “Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants,” Bertini told KrebsOnSecurity.
“We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts," said Bertini.
Bertini noted it may be too soon to determine whether the incident has been fully contained, how long it may have persisted or the number of locations affected. “We began investigating immediately, and the period of time we’re looking at the incidents is late last year,” said Bertini.
“We know it’s [affecting] some restaurants but it’s not appropriate just yet to speculate on anything in terms of scope,” he added.
Krebs said he received reports of the possible breach from financial institutions based in the Midwest, as well as the east coast. The Dublin, Ohio-based fast-food chain operates more than 6,500 franchise and company restaurants across the U.S. and in 29 other countries worldwide.