
Nearly 400 Dairy Queen locations targeted in data breach

October 10, 2014

Dairy Queen has confirmed a widespread credit card data breach at 395 of its locations in the US. The DQ locations and one Orange Julius location had been infected with the widely reported Backoff malware that has hit other retailers in recent months.

In late August, the Department of Homeland Security issued a second warning about the Backoff malware, which has affected more than 1,000 US businesses, including UPS. Data breaches have also affected Target, Jimmy John's, PF Chang's, Home Depot and more.

Backoff malware targets cash registers in-store.

Dairy Queen had previously indicated it was investigating a possible intrusion that may have affected some payment cards used at certain locations.

According to a news release, upon learning of the issue initially, the company conducted an extensive investigation and retained external forensic experts to help determine the extent of the breach. Since a majority of DQ and OJ locations are franchised, the company had to work with independent owners, law enforcement authorities and payment card brands.

Their investigation revealed that a third-party vendor's compromised account credentials were used to access systems at some locations. Specifically:

The Backoff malware impacted payment card data at 395 of the more than 4,500 US locations.

The time periods during which the Backoff malware was present on the relevant systems vary by location. A list of impacted locations, as well as the relevant time periods, is available at dq.com/datasecurityincident/. (Editor's note: when we checked on these locations today, the site was being upgraded.)

The affected systems contained payment card customer names, numbers and expiration dates. The company said it has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, was compromised as a result of this malware infection.

"Based on our investigation, we are confident that this malware has been contained," the company said in the release.

"We are committed to working with and supporting our affected DQ and Orange Julius franchise owners to address this incident," CEO John Gainor said. "Our customers continue to be our top priority."

The company is offering free identity repair services for one year to customers in the US who used their payment card at one of the impacted DQ locations or the one Orange Julius location during the relevant time period.
