Texas-based restaurant chain Wingstop is notifying an undisclosed number of customers that malware was found on point-of-sale (POS) systems at four locations, and it could have enabled attackers to capture customer payment card information.
How many victims? No estimate.
What type of personal information? Account numbers, expiration dates and cardholder names. PIN numbers, mailing addresses and email addresses are not believed to have been affected.
What happened? Malware was found on POS systems at four independently owned and operated Wingstop locations, and it could have enabled attackers to capture the personal information.
What was the response? The internet-connected POS hard drives at each affected location were removed and replaced with new systems. Steps are being taken to provide Wingstop locations with solutions to strengthen controls and security of POS systems. All potentially affected individuals are being offered a free year of identity theft protection services.
Details: A location in Corpus Christi, TX and a location in Union City, CA each had malware on their POS systems from June 4, 2014, to July 31, 2014. One report of suspicious activity that occurred around the same time period involved 20 customer payment cards used at a location in Lubbock, TX. A location in Grand Prairie, TX had malware on its POS system from May 5, 2012, to June 27, 2012, as well as from Nov. 11, 2012, to Dec. 9, 2012. Evidence of malware on the POS systems of other locations has not been detected.
Quote: “We do not have an estimate of how many customers were potentially impacted, but we encourage all customers, especially those that used payment cards at the four locations during the impacted periods listed above, to closely monitor their statements and contact their credit card company regarding any suspicious activity,” according to a FAQ posted on the Wingstop website.
Source: wingstop.com, “Data Security.”