Ice cream and fast food outlet Dairy Queen said a data breach that ran from August to October involved the theft of customer data at 395 of its stores.

In a statement posted to the company's website, Dairy Queen CEO John Gainor wrote, "We discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the country."

"The investigation revealed that a third-party vendor's compromised account credentials were used to access systems at those locations," Gainor added.

The Edina, Minn.-based Dairy Queen operates about 4,500 franchised stores in the U.S. and the Orange Julius chain, according to the company.

Gainor said the affected systems contained customers' names, payment card numbers and expiration dates.

"We have no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, were compromised as a result of this malware infection," he said. "Based on our investigation, we are confident that this malware has been contained."

Security experts have said systems in other large breaches, such as those involving Target and The Home Depot, were infected with the Backoff malware as well.

At least some have expressed annoyance at the frequency of big breaches.

"By now, every retailer is aware of the risks of malware in the POS, the impact, and the simple fact being compliant to PCI doesn't equate to mitigating advanced threats that no doubt again stole the gold in this case [Dairy Queen]," Mark Bower, vice president of product management at data security firm Voltage Security in Cupertino, Calif., said.

Bower said the only way to neutralize this risk is to avoid any sensitive data passing in and through the vulnerable POS or retail IT.

"Hundreds of thousands of merchants already do this today with proven approaches using the latest innovations in data-centric security and are able to brush off such attacks like water off a duck's back," Bower said. "These risks are totally avoidable – and at a fraction of the cost of the fallout from dealing with the consequences."

Dairy Queen's breach is large enough to rank among the top breaches so far this year.

 
