On Thursday, June 9, Wendy’s announced that a point-of-sale (POS) data breach from last February may be much worse than initially anticipated. Back in May, the company reported that malware was discovered on fewer than 300 stores in North America, with another 50 suffering from unspecified cybersecurity problems. However, investigators have discovered a variant of the malware uploaded to a second POS system, previously thought to not be infected. Wendy’s has stated that the number of franchise restaurants is much higher than previously thought, but refused to provide figures.
Wendy’s has deflected blame, citing that no company-owned restaurants were affected. They instead stated that the franchise locations were most likely attacked to gain access through third-party service providers, who maintain and support their POS systems.