It may be time to stop writing articles about point-of-sale data breaches and write about companies that have not had a breach. It may soon be a shorter list.
Dairy Queen is the latest to join the parade of retailers announcing a possible data breach, most likely related to the Backoff POS malware that has reeked havoc on retailers recently. In this case, the breach was first reported on by security blogger Brian Krebs on his KrebsOnSecurity blog site. Krebs reported that as many as 50 fraudulent credit card transactions recently that could be connect to card use at Dairy Queen locations.
In a statement release yesterday by Dairy Queen, they confirmed that “Customer data at a limited number of stores may be at risk”. The company, which operates almost 6,000 stores nationwide, is not aware of any impact to customers of the breach at this time.
Homeland Security issued a warning about the Backoff POS malware on July 31st, which can used by attackers to steal cardholder data and customer personal information. Earlier this week, the Secret Service announced that over 1,000 retailers have reported breaches connected to Backoff. High profile retailers reporting breaches connected to Backoff include the UPS Stores andthe SuperValu supermarket chain.
Backoff enables remote control of the targeted system and is able to access credit credit card data in memory. It accumulates the stolen data an exfiltrates it using a simple HTML post.
Comodohas introduced SecureBox