Arby’s data breach may have involved more than 350,000 cards

Data breaches are difficult for businesses to contend with, even more so when they have deficiencies in their compliance efforts or don't have secure payment processing software. The recent news of quick-service restaurant chain Arby's experiencing a significant attack is another reminder of how important it is for businesses of all sizes to prioritize data safety and the Payment Card Industry Data Security Standard. While final details have yet to be released related to the breach, USA Today said projections indicate 355,000 or more credit and debit cards may have been involved.

Cash register malware to blame

"More than 355,000 credit and debit cards may have been involved in the breach."

The restaurant company said it began an internal investigation into the unauthorized capture of payment data soon after it learned of the incident, according to a statement it provided to USA Today. Arby's brought in computer security specialists and coordinated with law enforcement to find the root cause of the attack, but not before hundreds of thousands of customers had sensitive payment information compromised. The breach was very similar to those that affected major retailers like Home Depot and Target in recent years, which also involved very large numbers of  customers.

Brian Krebs, digital security specialist, initially confirmed the story via sources at a number of banks and credit unions. He said Arby's indicated it had already remediated the breach as of early February. The company also said the Federal Bureau of Investigation had requested the company keep the news of the breach quiet when it was first discovered in mid-February.

Only Arby's corporate locations, which are managed directly by the company, were affected. Franchised stores, owned and operated individually or in groups by individuals outside of Arby's corporate structure, didn't suffer any damage from the breach.

Speaking with USA Today, Dan Berger, CEO of the National Association of Federally-Insured Credit Unions, said the increase of retail breaches should be a priority in terms of boosting security.

"Last year, the number of data breaches shattered all records and climbed 40 percent higher than reported in 2015 and there is no sign of the criminals letting up," Berger said to the paper. "In 2017, we have already hit 110 breaches, a 36 percent hike over the same time last year."

Despite the attention focused on large chains suffering data breaches, every retailer is potentially at risk for such an attack. Using secure credit card processing software and following compliance guidelines can mean the difference between exposure to a breach and being protected.

Scroll to Top