Hackers Get Saucy With Arby’s and Steal 355,000 Credit Card Numbers

Arby’s is at work mending fences with its customers after it was discovered that hundreds of its restaurants had been host to malware that stole data from customer credit and debit cards for an undisclosed amount of time. Reported numbers vary, but through a point-of-sale attack, the cyber criminal(s) responsible managed to extract anywhere from 335,000 to 355,000 debit and credit cards over four months.

The malware breach was first discovered in January, estimated to have gone unnoticed since October of last year. Arby’s was first alerted to their plight through an alert distributed by Payment Services for Credit Unions, or PSCU. Without naming any names, PSCU alerted their member banks who had distributed payment cards that an unnamed retailer had been breached and those cards were now compromised, and that they believed that the alert was linked to “a large fast food restaurant chain.”

The breach was not disclosed to the public immediately at the behest of the FBI.

There is some potentially good news to this story, but it could also get much worse. The good news is that Arby’s claims that all traces of the POS malware have been eradicated from their systems, and that it only seemed to affect corporate restaurants, which only make up about a third of Arby’s over 3,330 stores, and not all corporate restaurant locations were affected.

However, many consumers probably aren’t aware of whether their local restaurant is franchised or corporate-operated, and the “it would never happen to me” mentality might work against a few victims and keep them from checking. This, and since the reported breach came from cards issued by credit unions, more cards could potentially have been affected.

So, if you were unfortunate enough to order at one of Arby’s infected locations, what can you do?

Fortunately, victims of this scam don’t have to pay the charges that will appear on their statements, but they do have to report them to the issuing bank. Therefore, you should keep a close eye on your statements for any unauthorized charges.

This is especially true when you consider some figures that Dan Berger, CEO of the National Association of Federally-Insured Credit Unions, shared with USA Today:

“Last year, the number of data breaches shattered all records and climbed 40 percent higher than reported in 2015 and there is no sign of the criminals letting up. In 2017, we have already hit 110 breaches, a 36 percent hike over the same time last year.”

These numbers are disheartening, to say the very least. Did this news scare you away from fast food for a while? Let us know in the comments-- and in the meantime, our best advice? Use cash.