Nearly 400 Dairy Queen shops in the United States had their software systems compromised, the restaurant chain said, making it the latest retailer to confirm a data breach.
International Dairy Queen said its investigation found evidence that systems of some Dairy Queen locations and one Orange Julius shop were infected with the “Backoff” malicious software, or malware, which has been hitting a number of retailers.
A third-party vendor’s compromised account credentials were used to get into the systems at the affected locations, Dairy Queen said in a statement issued on Thursday.
The systems at some of Dairy Queen’s U.S. shops were affected at various times from early August through early October, the company said. Customer names, card numbers and card expiration dates may have been gathered. However, Dairy Queen said it was not aware of other personal information, such as Social Security numbers, being compromised due to the attack. Dairy Queen said it is confident that the malware has now been contained.
Several chains, including Home Depot, Jimmy John’s, Neiman Marcus and Target, have been hit by data breaches in recent months. Even JP Morgan was the target of a recent data hack, with as many as 76 million households and 7 million businesses affected.
Dairy Queen said it was offering one year of free identity repair services from AllClear ID to customers who used a card to pay at one of the impacted locations during the time of the attack.