The widespread data breach that has been plaguing square burger and Frosty purveyor Wendy's since January is getting worse. The Ohio-based fast food chain announced "additional malicious cyber activity has recently been discovered in some franchise-operated restaurants." The company says it has disabled the newly discovered malware used for the cyber attacks.
When Wendy's announced preliminary findings of an investigation into the data breach in May, it reported malware had been found on point of sale systems at "fewer than 300" franchised locations in North America. Now, that number is expected to be "considerably higher than the 300 restaurants already implicated." Customers' credit card information may have been compromised due to the breach.
In February, a class action lawsuit was filed against the chain in Florida. The suit alleges Wendy's "employed inadequate safety measures and failed to quickly send notice to customers." The lead plaintiff claims his debit card was hit with $600 in unauthorized charges as a result of the breach. "While many retailers, banks, and card companies responded to recent breaches by adopting technology that helps make transactions more secure, Wendy's has acknowledged that it did not do so," the suit reads.
Going forward, Wendy's says it "continues to work aggressively with its experts and federal law enforcement to continue its investigation."