Breach Brief – Wendy’s, Centene
January 29, 2016
Yet another point-of-sale system appears to have been hacked. Wendy’s fast food restaurant reports that its POS system has come under suspicion for a possible breach of customer card data.
Wendy’s spokesman Bob Bertini said, “We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations. Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.” Bertini did not name the security firm that is working with Wendy’s
According to Krebs on Security the first reports of the suspicious activity on customer’s cards came from financial institutions in the mid-west. However reports have begun to surface from banks on the east and west coasts. Currently there is no information on how many restaurants are affected.
Krebs On Security first reported the incident and believes that the restaurant’s POS system may have been infected by malware that collected credit card numbers. Wendy’s is not alone when it come to this type of attack. Other restaurants and retailers hit by this style of attack include Jimmy John’s, Landry’s, P.F. Chang’s, Dairy Queen, Chick-fil-A, retail giant Target and Home Depot.
Wendy’s operates approximately 6,500 franchise and company-operated restaurants in the United States and 28 countries and U.S. territories worldwide.
The health insurer Centene is desperately searching for six hard drives that contain the personal information of over 1 million of its customers. The company has admitted to an “ongoing comprehensive internal search” for missing hard drives.
St. Louis based Centene said the missing hard drives contain personal data about people who received laboratory services between 2009 and 2015. The drives contain patient information including names, addresses, dates of birth, social security numbers, member ID numbers and health information. According to Centene CEO Michael F. Neidorff, the company doesn’t believe the information has been used “inappropriately.”
Customer affected by the data loss will receive free credit and healthcare monitoring.
The healthcare industry continues to be plagued by massive data breaches. For more on this topic please see;