Dairy Queen Data Breach Kept Quiet

Update: 10:00 a.m. ET: On October 9, International Dairy Queen, Inc. confirmed that one Orange Julius store and 395 Dairy Queen stores were impacted by a data breach. In a press release, Dairy Queen, Inc. attributes the breach to “Backoff” malware on “systems at a small percentage of locations in the U.S.” — confirming the initial suspicious made by independent security experts.

The malware exposed customers’ names, payment card numbers and payment card expiration dates. Dairy Queen has no evidence that other personal information was compromised.

The attack occurred between August 1 and September 23; however, dates vary from store-to-store. The company has provided a list the impacted locations in their press release.

Dairy Queen is providing potentially impacted customers with on year of free identity repair services. Concerned customers should contact 1-855-865-4456 to take advantage of this offer.

WhDairyQueenLogoat happened?

Dairy Queen’s payment card system may have been compromised by malware — possibly exposing customer payment card information. Brian Krebs, security expert and author of KrebsOnSecurity.com, first reported suspicious payment card activity tied to the fast food chain on Aug 26.

After the initial suspicion, Krebs reported that Dairy Queen had begun to work with the U.S. Secret Service to investigate the breach. The Secret Service has been warning retailers of “Backoff” point-of-sale malware— the same one that attacked Target’s payment system last year. It is believed Backoff is responsible for this breach as well.

Dairy Queen has not released an official press release regarding the issue, but believes only a small number of locations may have been impacted.

The company has admitted to not have a security plan in place for franchisee owners. This lack of planning significantly jeopardizes the financial wellbeing of both consumers and small business owners.

In response to breach-related concerns on social media, Dairy Queen replied to commenters that they will “continue to work with the authorities on the investigation” and directed concerned customers to contact their bank and Dairy Queen Fan Relations.

Some locations have begun to temporarily adopt low-risk methods of processing consumer payment card information or have moved to cash-only operations while Dairy Queen continues to investigate the breach.

What should you do?

1.)  Monitor your bank statement

2.)  Contact your bank about setting up email or text alerts for your credit or debit cards

3.)  Make cash-only purchases at Dairy Queen

4.)  Check your credit report

5.)  Let Dairy Queen know that you value your information.
An unfortunate trend in corporate data breaches is to brush them aside and hope customers simply forget about them or remain uninformed. Get the word out by sharing this story on social media or contact Dairy Queen. Let Dairy Queen know your personal information is valuable and that your trust should not be taken lightly.

Learn more about data breaches and how to protect your personal information.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.