MINNEAPOLIS -- International Dairy Queen Inc. recently learned of a possible malware intrusion that may have affected some payment cards at some DQ locations and one Orange Julius location in the United States, the company said in a notice on its website.
It joins retailers and restaurant chains including Jimmy John's, Home Depot, SuperValu, Albertson's, Jewel, Target and Michaels, to name just a recent few. In the convenience store and gas station channel, 7-Eleven and Mapco have experienced recent payment systems breaches.
Upon learning of the breach, the company launched an investigation and retained external forensic experts to help determine the facts. Because nearly all DQ and Orange Julius locations are independently owned and operated, it worked closely with affected franchise owners, as well as law enforcement authorities and the payment card brands, to assess the nature and scope of the issue.
"As a result of our investigation, we discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely reported 'Backoff' malware that is targeting retailers across the country. The investigation revealed that a third-party vendor’s compromised account credentials were used to access systems at those locations," said the notice from John Gainor, president and CEO.
Based on the investigation, the company has established the following:
The Backoff malware was present on systems at a small percentage of locations in the United States. The periods during which the Backoff malware was present on the affected systems vary by location.
A list of affected DQ locations and the one Orange Julius location, as well as the relevant time periods, is available here.
The affected systems contained customers’ names, payment card numbers and expiration dates. The company said it has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, were compromised as a result of this malware infection.
"Based on our investigation, we are confident that this malware has been contained," said the company.
Gainor continued, "We deeply regret any inconvenience this incident may cause. Our customers are our top prioritym and we are committed to working with our franchise owners to address the issue. We are notifying DQ and Orange Julius customers about this incident so they can take steps to help protect their information. … We sincerely apologize for any inconvenience this may have caused you."
Click here to view the full notice.
International Dairy Queen (IDQ), with headquarters in Minneapolis, develops licenses and services a system of more than 5,600 Dairy Queen stores in the United States, Canada and foreign countries, offering dairy desserts, hamburgers, hot dogs and beverages. IDQ is part of the Berkshire Hathaway family, a company owned by Warren Buffett.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.