Data breaches have been all over the news lately. A data breach, of course, is when hackers steal confidential information that's sitting in a database.
Yahoo had an especially bad 2016, after acknowledging it had been hit with two of the largest breaches ever. Now, another massive breach has been discovered at a popular fast food chain that you need to know about.
It was recently discovered that hundreds of Arby's restaurant locations nationwide were infected with malware. That led to at least 355,000 customers' credit and debit card information to be stolen.
How this data breach occurred
Malicious software was installed on the fast food chains' payment card system inside corporate store locations. Franchised locations were not impacted by this breach. There are over 3,300 Arby's locations in the U.S. and nearly one-third are corporate stores, but it's difficult for customers to know which are which.
A corporate spokesperson told KrebsOnSecurity that this incident has been contained and the malware has been eradicated from systems at restaurants that were impacted. They also noted that not all corporate locations were impacted. The company wouldn't say how long the malware was stealing data, but it occurred sometime between October 25, 2016, and January 19, 2017.
As of now, the number of stolen cards is 355,000. However, that number will likely grow once Arby's finishes its investigation and releases full details.
We're also awaiting details of how the malware was installed on its point-of-sale (POS) systems. Typically, POS systems are infected by either hacked remote administration tools or phishing emails that target employees.
Once malware is installed, the cybercriminal can steal data from payment cards that are swiped at an impacted location. This data can be used to create duplicate cards that criminals can use to make fraudulent purchases.
If you visited an Arby's during the potential breach time frame, the most important thing you need to do is check the statements from your credit or debit cards. If you see any suspicious activity, report it immediately to your financial institution. You are not liable for any fraudulent charges.
Even if you are not impacted by this breach, there are some steps you should consider taking anytime you hear of a massive data breach.
What you need to do after a data breach
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Check HaveIBeenPwned - this site will tell you if your information has been stolen in a previous breach.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
- Keep an eye on your bank accounts - You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
- Check email security settings - Make sure the email account associated with the hacked site has updated security settings.
- Have strong security software - Protecting your gadgets with strong security software is important. It's the best defense against digital threats.