Wingstop Announces Data Security Incident Affecting Four Franchise Locations
Wingstop has released information about a data security attack on point-of-sale (POS) systems that could have enabled attackers to capture customer payment card information such as account number, expiration date or cardholder name at possibly four locations.
After receiving indications of suspicious activity, Wingstop retained an independent forensic investigative firm, Stroz Friedberg, LLC, to review the Internet-connected POS systems at all U.S. franchise locations. The forensic review and the results of the overall investigation determined that the POS terminals at four locations could have been subject to a data security incident. The details of the findings about the suspected data security incident are as follows:
One franchise in Corpus Christi, TX and one in Union City, CA each had malware on their POS systems between June 4, 2014 and July 31, 2014.
The company received one report of suspicious activity that occurred around the same time frame, involving twenty customer payment cards that had been used at one franchise in Lubbock, TX.
One franchise in Grand Prairie, TX had malware on its POS system between May 5, 2012 and June 27, 2012 and between November 11, 2012 and December 9, 2012.
In each instance, Wingstop assisted franchisees by immediately removing the Internet-connected POS hard drives and replacing them with new systems. Wingstop franchisees operate entirely independent POS systems that are neither managed by nor connected to a central location. The investigation of the Internet-connected POS systems has detected no evidence of malware on the systems at any other location.
Wingstop has provided additional information, including the specific addresses of the four impacted locations, on its website at www.wingstop.com.
After receiving indications of suspicious activity, Wingstop retained an independent forensic investigative firm, Stroz Friedberg, LLC, to review the Internet-connected POS systems at all U.S. franchise locations. The forensic review and the results of the overall investigation determined that the POS terminals at four locations could have been subject to a data security incident. The details of the findings about the suspected data security incident are as follows:
One franchise in Corpus Christi, TX and one in Union City, CA each had malware on their POS systems between June 4, 2014 and July 31, 2014.
The company received one report of suspicious activity that occurred around the same time frame, involving twenty customer payment cards that had been used at one franchise in Lubbock, TX.
One franchise in Grand Prairie, TX had malware on its POS system between May 5, 2012 and June 27, 2012 and between November 11, 2012 and December 9, 2012.
In each instance, Wingstop assisted franchisees by immediately removing the Internet-connected POS hard drives and replacing them with new systems. Wingstop franchisees operate entirely independent POS systems that are neither managed by nor connected to a central location. The investigation of the Internet-connected POS systems has detected no evidence of malware on the systems at any other location.
Wingstop has provided additional information, including the specific addresses of the four impacted locations, on its website at www.wingstop.com.