By Nick Woltman / Pioneer Press
Dairy Queen confirmed Thursday that restaurants in Minnesota, North Dakota and South Dakota were affected by the customer payment card data breach the company suffered in August.
The Edina-based fast-food chain said 394 of its nearly 4,450 U.S. Dairy Queen locations and one of its Orange Julius locations were breached by cyber thieves using the Backoff malware. The three stores affected in North Dakota were in Emerado, Park River and Beulah.
The 18 stores affected in Minnesota were in Stillwater, Grand Marais, Lindstrom, Cass Lake, Sleepy Eye, Warroad, Blaine, Crystal, Norwood, Coon Rapids, Richfield, St. Francis, Cloquet, Willmar, Spicer, Motley, Walker and Eagan.
The three stores affected in South Dakota were in De Smet, Hot Springs and Custer.
ADVERTISEMENT
The breach began in early August and was largely contained by early September – the specific duration varied by location.
“We deeply regret any inconvenience this incident may cause,” Dairy Queen CEO John Gainor said in a statement posted to the company’s website. “Our customers are our top priority, and we are committed to working with our franchise owners to address the issue.”
The company said cardholder names, account numbers and expiration dates of fewer than 600,000 credit and debit cards were exposed, but it does not believe any other information – PINs, email addresses, etc. – was compromised.
Dairy Queen announced in late August that it was investigating a possible data breach after cyber-security journalist Brian Krebs first broke the news on his website.
Working with the U.S. Secret Service, Dairy Queen determined that thieves used stolen login credentials from a third-party vendor to gain access to payment card processing systems of affected stores. The thieves then uploaded malicious software designed to steal card data.
The malware, dubbed Backoff by the cybersecurity industry, was the subject of an August advisory from the Department of Homeland Security, which estimates more than 1,000 retailers have been victimized by it. High-profile cyberattacks at Home Depot and UPS reportedly also involved the Backoff malware.
Dairy Queen is offering free credit repair services to customers who used a payment card at one of the affected stores during the breach window. Anyone who thinks they may have been affected should call (855) 865-4456 from 8 a.m. to 8 p.m. CDT Monday through Saturday.
On the web: A complete list of affected stores can be found here: http://dq.com/datasecurityincident/affected-stores/ .
ADVERTISEMENT
The Pioneer Press is a media partner with Forum News Service.
