Ice cream and fast-food restaurant chain Dairy Queen has
confirmed a security breach that may have compromised the payment card
information of customers at several hundred locations across 46 U.S. states. Computers at
Dairy Queen locations, and one Orange Julius smoothie stores, were infected by
the malicious software, Backoff, which has been targeting retailers since
it first surfaced a year ago, International Dairy Queen said late on Thursday.
The malware infected computers at 395 of its more
than 4,500 U.S. locations, exposing the names, numbers and expiration dates of
customer payment cards, the statement said. There is no indication that other
personal information, including card PINs, social security numbers or email
addresses were stolen, it said.
International Dairy Queen said it is offering free identity
repair services for one year to customers in the United States who made
purchases at any of the effected restaurants.
Stores in four states, Rhode Island, Vermont, Hawaii and
Louisiana, did not appear to be impacted by the breach, the company said.
The U.S. government has released reports on several types of
malicious software that cyber criminals have used to steal payment
cards in the wake of last year's breach on Target Corp, which resulted in the
theft of some 40 million card numbers.
Backoff, first identified in October 2013, is capable of
scraping computer memory for track data and logging keystrokes, the U.S.
Department of Homeland Security warned retailers in July.
Click
here to access the full article on Reuters.