American fast food chain Arby's has reportedly confirmed that it was hit by hackers in a massive data breach that is believed to have affected thousands of customers. The hackers infected the fast food chain's payment card systems with malware at hundreds of its restaurants across the US, according to reports.
Arby's claimed that it was alerted about the breach in mid-January, but refrained from informing its customers about the breach at the FBI's request, cybersecurity journalist Brian Krebs reported in his blog.
"Arby's Restaurant Group, Inc (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems," the company said in a statement. "Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts, including Mandiant. While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted."
Arby's claimed that the malware infected payment systems within its corporate stores, adding that Arby's franchised restaurant locations were not affected.
"Although there are over 1,000 corporate Arby's restaurants, not all of the corporate restaurants were affected," said Christopher Fuller, Arby's senior vice president of communications. "But this is the most important point: That we have fully contained and eradicated the malware that was on our point-of-sale systems."
According to the credit union service PSCU, which first alerted member banks about a long list of compromised Visa and MasterCard numbers, over 355,000 credit and debit card accounts may have been impacted by the hack.
Arby's is not the first American fast food chain to be the victim of a massive cyberattack. In 2016, burger chain Wendy's disclosed that cybercriminals hacked hundreds of its restaurants in a massive targeting payment card data. It appears that 2016's data breach trend may be spilling over into 2017 as well.