Software systems were compromised at about 400 U.S. Dairy Queen shops, including 19 in Illinois and 30 in Indiana, the restaurant chain said, making it the latest retailer to confirm a data breach.
International Dairy Queen said its investigation found evidence that systems of some Dairy Queen locations and one Orange Julius shop were infected with the “Backoff” malicious software, or malware, which has been hitting a number of retailers.
A third-party vendor’s compromised credentials were used to get into the systems at the affected locations, Dairy Queen said in a statement Thursday.
The systems at some of Dairy Queen’s U.S. shops were affected at various times from early August through early October, the company said. Customer names, card numbers and card expiration dates may have been gathered. But Dairy Queen said it was not aware of other personal information, such as Social Security numbers, being compromised because of the attack. Dairy Queen said it is confident that the malware has now been contained.
The attack did not hit Dairy Queen locations in Chicago but did affect stores in other parts of the state, including Dixon, Quincy and Metropolis.
Several chains, including Home Depot, Jimmy John’s, Neiman Marcus and Target, have been hit by data breaches in recent months.
Dairy Queen said it was offering one year of free identity repair services from AllClear ID to customers who used a card to pay at one of the affected locations during the time of the attack.