back to article Burger-slinger Wendy’s admits: Cash-till data breach hit 1 in 20 outlets

Wendy’s confirmed on Wednesday that malicious software affected PoS (point-of-sale) devices in around 300 of the burger chain’s 5,500 franchised stores, or about five per cent of all its restaurants in North America. The update on Wednesday quantifies the extent of a previously announced breach and came as Wendy’s announced …

  1. Anonymous Coward
    Anonymous Coward

    They (and others) have a bit of a cheek

    To call their 'Burger Slinging' Outlets 'Restaurants'.

    Sorry but IMHO, they ain't.

    Next you will see them trying to get a Michellein Star.

    What is the world coming to eh?

    1. Anonymous Coward
      Anonymous Coward

      Re: They (and others) have a bit of a cheek

      restaurant

      noun [C] UK /ˈres.trɒnt/ US /ˈres.tə.rɑːnt/

      a place where meals are prepared and served to customers

    2. Nixinkome

      Re: They (and others) have a bit of a cheek

      I'll Grant you that one AC.

      Crooks OPERATING on American companies seem to be having a field day. "I need a program just to work out who or where to hit next".

      The multinational chain mentioned used to serve tasty 'meals' but I suppose it is all sprayed on nowadays.

      1. ecofeco Silver badge

        Re: They (and others) have a bit of a cheek

        Of ALL the fast food operations in the U.S., Wendy's has by FAR the highest quality.

        Better than home cooked? Well no, of course not. Better than the competition? My stomach is at the age where it tells me very violently and quickly when I've just eaten shit masquerading as food. Wendy's consistently keeps my stomach happy. (except for the chili. you can guess why)

    3. Jeffrey Nonken

      Re: They (and others) have a bit of a cheek

      I agree with you in principle, but legally and by definition they are a restaurant.

  2. Anonymous Coward
    Anonymous Coward

    Is it time for a CV check?

    Current employer:

    Wendys:

    Previous employers

    Hilton

    Target

    Subway

    1. Anonymous Coward
      Anonymous Coward

      Re: Is it time for a CV check?

      Or time to answer a few questions...

  3. seven of five Silver badge

    paper slips and coins

    Now how inconvenient would it have been to pay cash for that lousy burger? An ATM is dangerous enough these days, no chance in hell I´ll stick something valid for several thousand euros into that POS (HA!) terminal to pay fo a tenner.

  4. Anonymous Coward
    Anonymous Coward

    POS

    I think you mean the other acronym (1st definition)

  5. Anonymous Coward
    Anonymous Coward

    Meh

    Which may well explain why I had to have three new cards in six months when my cards were being used (or attempted use) in Canuckistan during the back half of last year.

  6. Fortycoats
    Coat

    Where's the beef?

    Mine's the one with some cash in the pockets....

  7. DrXym Silver badge

    Not surprising

    See the other story about Walmart.

    The USA still(!) uses swipe machines for payments. When the customer swipes, the number goes through the store's own systems and is authorized by the payment processor. The card details can be skimmed or the store can be hacked and both allow the details to be stolen. And of course cashiers never bother to check the signature so stolen cards are easier to use too.

    Chip and pin might not be perfect but it takes the store out of the loop. If the store doesn't secure its database then it's no great loss because the card details aren't in there to steal. All that will be there is some kind of transaction token and little else.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not surprising

      One of the main reasons I hardly ever use my debit card any more - just too much risk in the USA. I finally got a chip enabled card two months ago (only 15 years behind Holland and other countries) but have only been able to use the chip once. Most places still use swipe, even though they have chip enabled PoS terminals - they claim it's not working.

      So I use cash for almost everything except the weekly grocery shop.

      Ironic because now I only use cash when I'm back in the UK (because no chip and pin on US cards) and increasingly use cash in the US too. However everyone under 30 around me appears to use their debit cards for absolutely everything - including items for less than $1/£1 - madness!

      1. Chloe Cresswell

        Re: Not surprising

        Hah, you think it's fun with US cards?

        Try a UK Chip and Sign card. You end up spending hours every month explaining to people what it is, and that no, you didn't just "hack" their system to make it ask for a signiture..

        1. Dadmin
          Devil

          Re: Not surprising

          Ups for the lot of you! Don't Panic!

          I got my smart-card chop[sic] and pin just this year. About time, I'd say! You know the pad reminds me of the original SD cards, and now the SIM card-style pad. There is only one retailer that seems to be using it now... no surprise, it's Target. Costco, and even the ATM at the issuing back do not yet take the chip/pin combo. Glad Wal*Mart is stepping up to complain. Every retailer should have been ready for this, but it's a slow and uneven process. Reminds me of the promise of fiber-optics in the home we heard those lousy cable companies and phone companies promise, in the 1970s no less! And this was in Silicon Valley. Here it is 2016 and fiber-optics to the home demark is almost non-exsistant. Back to the main point; only 50 of over 5000 shops are actively hacked, and that's from a total of only 330 shops with the malware? Some fucking hack. Barely scratched the surface, and I'm pretty sure I used my debit card in a Wendy's a couple time in the past 6 months, so here's what I plan to do; NOTHING! This is a small-time baby-hack and easily thwarted by just making a single examination of my next bank statement. Crisis averted. Situation normal, we're fine here. How are you?

          1. NotBob
            Holmes

            Re: Not surprising

            There is only one retailer that seems to be using it now... no surprise, it's Target.

            WalMart is using the chip readers. So is PetCo, Lowes, the local gas stations, and Tractor Supply, to name just a few.

            Not sure if you're in a crappy area, in crappy stores (given Target, it seems likely), or just have bad luck...

    2. Anonymous Coward
      Anonymous Coward

      Re: Not surprising

      Walmart is suing Visa because they won't let Walmart require the chip AND PIN entry.

      Seems like that should be required.

    3. Anonymous Coward
      Anonymous Coward

      Re: Not surprising

      Chip and PIN became mandatory in Australia around the middle of last year. Paywave style payments can be used for anything $100 of less but anything over that amount requires Chip and PIN now. Signatures aren't accepted for any payments now. Works well so far.

      1. Chloe Cresswell

        Re: Not surprising

        What happens if you can't handle PINs?

        In the UK, you can't use a signature for a chip and pin card, for those few of us with number issues, we get issued chip and sign cards.

  8. JaitcH
    Alert

    From Small Buildings Come Big Leaks

    On the extreme Western city limit of the former North York, Toronto, sits a nondescript building, just south of the former Workplace Safety and Insurance Board Hospital campus.

    One day, not so long ago, an open envelope was placed on the Receptionists Desk awaiting pick-up by a rep from a chip fabricating outfit. It had the code for the new range of POS terminals.

    The contents were found to be missing and to avoid a hue and cry the R & D department quietly ran off another copy and nothing was said.

    After the new terminals were introduced many were hacked, using the information in the envelope. The losses were 'minimal' - under $100-million - and it was decided by the customers the protocol would be re-written and resulted in new encryption chips being designed and the hack defeated.

    How do I know? As an early attendee to the building each day one of my duties was to retrieve the re-issued manufacturing data each day.

    Leaks can happen under the strangest circumstances!

    1. ecofeco Silver badge

      Re: From Small Buildings Come Big Leaks

      whoa

  9. jonnycando

    It might be handy....

    If the firmware in POS devices was unique and not based on any existing OS. And it's communications protocol ought to be unique as well. Thus standard malware's could installed since the device would not understand anything not written in its own language. Oh but malcontents would reverse engineer them and see what them go. Guess we'll just have to use cash from now on.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020