Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 29 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Dairy Queen confirms payment card data at up to 400 restaurants impacted

by The Gurus
October 10, 2014
in Editor's News
Share on FacebookShare on Twitter

American ice cream chain Dairy Queen has confirmed that the Backoff malware was responsible for the impact upon payment card data.
 
In a statement, Dairy Queen said that nearly 400 US restaurants were affected, and that systems were accessed due to a “third-party vendor’s compromised account credentials.”
 
The statement, posted on the front page and signed by president and CEO John Gainor, said that after the intrusion was detected in August, it launched an extensive investigation with external forensic experts and discovered evidence that the systems of some Dairy Queen locations, and one Orange Julius location, were infected with the Backoff malware.
 
He said: “The Backoff malware was present on systems at a small percentage of locations in the US. The time periods during which the Backoff malware was present on the affected systems vary by location.
 
“The affected systems contained customers’ names, payment card numbers and expiration dates.  We have no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, were compromised as a result of this malware infection. Based on our investigation, we are confident that this malware has been contained.”
 
He said that customers are being notified and as nearly all Dairy Queen and Orange Julius locations are independently owned and operated, it has worked closely with affected franchise owners, as well as law enforcement authorities and the payment card brands, to assess the nature and scope of the issue.
 
“We deeply regret any inconvenience this incident may cause,” he said. “Our customers are our top priority and we are committed to working with our franchise owners to address the issue.”
 
It said that the investigation has confirmed that the issue is associated with the widely-reported Backoff malware targeting retailers across the country. The US computer emergency readiness team (US CERT) issued an alert after the Secret Service responded to network intrusions at numerous businesses throughout the United States who had been impacted by the Backoff malware.
 
A point of sale malware family variants have been seen as far back as October 2013 and the malware typically has the ability to: scrape memory for track data; log keystrokes; communicate via command and control; and injecting a malicious stub into explorer.exe, which is responsible for persistence in the event the malicious executable crashes or is forcefully stopped.
 
Mark Bower, vice president, product management and solutions architecture for Voltage Security, said: “The only realistic way to avoid this malware driven breach is to avoid the card and track data being present in live form in memory and storage in the retail processing systems and Point of Sale (POS). Leading merchants today are achieving success with this approach using the latest encryption technology.
 
“Encrypting data in the card reader device the instant it is read with format-preserving encryption techniques enables the protected track and card data to flow completely protected through the POS to the secure processing host, ideally at the acquirer or within an isolated processing sy
stem. Only the host can decrypt, and if the malware steals the data from the POS either remotely or directly, it gets nothing of meaning or value.”
 

FacebookTweetLinkedIn
Tags: BreachDairy QueenMalwarePayment CardPOS
ShareTweet
Previous Post

Microsoft to release three critical patches next week

Next Post

ISACA Ireland – Breaking Down the Silos

Recent News

Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023
Fraud and online banking

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information