Security expert and creator of the KrebsOnSecurity blog Brian Krebs believes that over 10,000 credit cards may have been stolen from Dairy Queens in multiple states. Using reports from credit unions and banks nationwide, Krebs traced the possibly-affected Dairy Queens and made some likely guesses as to how the hackers were grabbing data.
Other financial institutions contacted by this reporter have seen recent fraud on cards that were all used at Dairy Queen locations in Florida and several other states, including Alabama, Indiana, Illinois, Kentucky, Ohio, Tennessee, and Texas.
This breach coincides handily with a Homeland Security warning about hackers using remote access applications like LogMeIn to "brute force" their way into a point-of-sale system. Why were Dairy Queens targeted? Probably because hackers found an exploitable flaw in the franchise's point-of-sale software.
Figuring out how to remotely interface with an entire franchise's POS software means that the hackers could steal credit cards from stores on a state-by-state basis. Not only that, but knowing the geography of a stolen credit card means that thieves can fool banks into thinking that they're not committing fraud.
The easiest way to catch credit card thieves is to identify purchases made in faraway states. If the thief is able to fake their location to look like it's coming from where you live, then they can get away with their fraud for longer than normal.