DUBLIN, Ohio — Hackers stole customers’ debit and credit card information from more than a thousand Wendy’s restaurants across the country — including one in Colorado — the company announced Thursday.
Crucial information including “cardholder name, credit or debit card number, expiration date, cardholder verification value (CVV), and service code,” was stolen, the company said in a statement Thursday morning.
The Wendy’s location at 150 E. 144th Ave. in Thornton was among the restaurants impacted.
Officials urged customers to “be diligent in watching for unauthorized charges on their payment cards.”
Wendy’s said the “highly sophisticated, criminal cyberattacks” impacted 1,025 of its franchise-owned restaurants. Wendy’s has just more than 5,140 franchised restaurants in the country, according to the Wall Street Journal.
Initially, the company said the attack had affected less than 300 restaurants. However, on Thursday, officials said they had “discovered a variant of the malware … affecting additional franchise locations.”
“We are committed to protecting our customers and keeping them informed. We sincerely apologize to anyone who has been inconvenienced,” said Todd Penegor, Wendy’s president and chief executive officer.
“All potentially impacted individuals will receive one year of complimentary fraud consultation and identity restoration services,” the company said.
“The Company first reported unusual payment card activity affecting some franchise-owned restaurants in February 2016,” Wendy’s officials said. “Subsequently, on June 9, 2016, the Company reported that an additional malware variant had been identified and disabled.”
“We have conducted a rigorous investigation to understand what has occurred and apply those learnings to further strengthen our data security measures,” Penegor stated.
Wendy’s is the world’s third-largest quick-service hamburger company, according to company officials.