In late January, Krebs on Security reported on a data breach that apparently affected some Wendy’s restaurant locations, seemingly all located in the Midwest. The breach is believed to have affected the POS payment mechanisms in stores, as a number of financial institutions have reported suspicious card activity on their customers’ debit cards following visits to certain Wendy’s locations. Apparently? Seemingly? Suspicious? Where are the details of the data breach?
No one is quite certain yet, as Wendy’s corporate office isn’t disclosing any of the details of their investigation, despite the fact that the compromised card activity is thought to have started as long ago as December of last year. While that is a relatively short time period for data breach reporting compared to just a few years ago, the current understanding of hacking events and identity theft threats means companies typically react more swiftly in these incidents. For example, in last month’s Snapchat data breach, company executives disclosed the event to the FBI four hours after it was discovered.
While a data breach and a lengthy wait period before being informed might seem frustrating to consumers, it’s nothing compared to the headaches it can cause for financial institutions. In the case of the Wendy’s breach, the banks and credit unions have just as little information as consumers. When you consider that it’s the banks who have to shoulder a significant financial burden in a data breach for things like replacing customers’ cards with new ones and for the unauthorized charges that consumers aren’t responsible for, it’s no small matter. They want to know how far this has spread, how many more of their customers may be affected, and what the overall impact will be to their bottom line, but so far they don’t have those answers.
For now, there is only speculation about the damage, and it’s not good news. Some agencies who’ve been monitoring the situation have predicted that the overall cost to the issuing banks and credit cards will be even larger than that of the Home Depot data breach, and one credit union has already seen a 34% increase in fraudulent charges on its debit cards. Another bank CEO has anonymously stated that he expects the cost to the financial institutions to be five to ten times higher than what it cost them following the Target data breach in 2013.
Anyone can be a victim of identity theft, anyone can use our services and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.