HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 7 MINUTES AGO.
You are here: Home / Network Security / Dairy Queen Confirms Data Breach
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Dairy Queen Latest Retailer To Report Hack
Dairy Queen Latest Retailer To Report Hack
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
28
2014


Known for its hot fries and soft-serve ice cream, Dairy Queen just made cyber history as the latest victim of a hack attack. The fast food chain has revealed that customer data at some of its stores may be at risk.

According to Dairy Queen, the possible data breach is connected to the Backoff point-of-sale malware that raked Target through the coals last year. Target recently revealed the breach cost its shareholders $148 million, though there’s no indication that Dairy Queen was hit that hard.

"In addition to communicating with potentially affected franchised locations, credit card processors and credit card companies to gather relevant information, we immediately began cooperating with the authorities investigating this particular malware," Dairy Queen said in a statement. "We continue to communicate with our franchisees and service providers regarding steps necessary to protect customer data and minimize any impact to our customers."

Early Warning Signs

Brian Krebs of Krebs on Security was the first to see hints of the breach. On Aug. 14 he pointed to sources in the financial industry saying they were seeing signs that Dairy Queen may be the latest retail chain to fall victim to a cyberattack.

“I first began hearing reports of a possible card breach at Dairy Queen at least two weeks ago, but could find no corroborating signs of it -- either by lurking in shadowy online ‘card shops’ or from talking with sources in the banking industry,” Krebs said.

“Over the past few days, however, I’ve heard from multiple financial institutions that say they’re dealing with a pattern of fraud on cards that were all recently used at various Dairy Queen locations in several states," he added. "There are also indications that these same cards are being sold in the cybercrime underground.”

Protecting the End Points

We turned to Mike Davis, CTO at real-time endpoint threat protection firm CounterTack, to get his insights on the Dairy Queen breach. He told us the fact that franchisees are not required to tell the franchisor about security breaches illustrates how breach notification processes are weak not just in retail but in most industries.

“The franchisor brand is effected when a franchisee causes a security breach,” Davis said. “Franchisors should start requiring security controls of their franchisees above those required by PCI and third parties the franchisee may work with. The franchisor's brand could be destroyed easily without better controls in place for franchisees.”

What’s more, without real-time insight into what processes and activities are occurring on franchisee point-of-sale systems, the time between a breach being detected and a security team knowing the impact is too great, Davis said.

“With ups and now downs, it seems the media knew about the impact of a breach before the companies did, and that is a real problem that can only be addressed by utilizing endpoint threat detection and response technology to know exactly what happened on what endpoints during an attack," he added.

Tell Us What You Think
Comment:

Name:

Jesus o:

Posted: 2014-09-04 @ 9:24am PT
I used my card at a Dairy Queen in Phoenix and that charge never went through, but I had 4 other charges in the valley totaling over 300 dollars that weekend.

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN NETWORK SECURITY

Product Information and Resources for Technology You Can Use To Boost Your Business

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.