ORLANDO, Fla. – Arby's is investigating a possible data breach involving more than 355,000 credit and debit cards.
The fast-food chain said malware was placed on cash registers at some Arby's restaurants.
“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems,” the company said in a written statement provided to KrebsOnSecurity. “Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts,” the statement continued. “While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”
The data breach affects corporate-owned restaurants, not franchises.
“Although there are over 1,000 corporate Arby’s restaurants, not all of the corporate restaurants were affected,” Christopher Fuller, Arby’s senior vice president of communications, told KrebsOnSecurity. “But this is the most important point: That we have fully contained and eradicated the malware that was on our point-of-sale systems.”
The company is telling customers to monitor their card statements.