DQ hit by Backoff malware breach

Dairy Queen hacked by same malware as Target

August 29, 2014

The malware that caused a major breach for Target has struck again.

Dairy Queen appears to be the latest victim of a malware breach that would affect as many as 1,000 U.S. businesses.

Authorities are investigating the malware, known as “Backoff” that my have been found on the computer systems of some Dairy Queen restaurants.

The fast food and ice cream chain based in Edina, Minnesota, told the Star Tribune that it found out about a possible hack when the website Krebs on Security reported on a pattern of fraud dating back to June.

Dairy Queen operates about 6,300 restaurants around the country, but franchise owners are not required by headquarters to reports fraud to a centralized location, company spokesman Dean peters told the Business Journal.

The Dairy Queen chain confirmed Thursday it had been in contact with the U.S. Secret Service about “suspicious activity” related to Backoff, a strain of malware that attacks point-of –service machines discovered last October. Dairy Queen said it was investigating the breach and did not yet know how many stores or customers had been affected.

“We are gathering information from a number of sources, including law enforcement, credit card companies and processors,” Dairy Queen said in a statement. “The protection of customer data is a top priority for us and our franchisees, and we take it seriously.”

The Department of Homeland Security says Backoff is a point of sale malware that exploits “businesses’ administrator accounts remotely” and exfiltrates “consumer payment data. “The department says the malware was released last October, but was undectable to current anti-malware software. It’s believed to have infected more than 1,000 U.S. businesses, and DHS is urging firms to check for infection.

Backoff most recently hit Eden Prairie, Minnesota-based supermarket chain Supervalu and United Parcel Service earlier this month.

Cybersleuth Brian Krebs, who also broke the news of last fall’s massive Target breach , began reporting on the apparent Dairy Queen hack on August 14, after he was contacted by a Midwestern credit union complaining of a rash of more than 50 customers who had been victimized by card fraud.

Related Topics:

CT awards Brownfields grants

Yahoo! latest target of hackers

Target confirms security breach

More links on Technological Disasters


DNN Sponsors include: