Bad news, fans of square hamburger patties: It turns out that the supposedly NBD security breach, which Wendy’s ‘fessed up to in January, was a lot worse than initially suspected. “Considerably higher than the 300 restaurants already implicated” is how the chain described it yesterday to cybersecurity journalist Brian Krebs, who says sources had been telling him no way was the chain’s original estimate accurate “given the volume of fraud that the banks have traced back to Wendy’s customers.”
Wendy’s first projected hackers had compromised point-of-sale systems at about 5 percent of stores. The company is not elaborating a whole lot right now, but it did clarify that this original number was wrong because the malware “mutated” and spawned a second wave of attacks that went undetected. Company spokesman Bob Bertini tells Krebs they discovered it “just within the last few days,” and are working closely with authorities. Customers hoping to learn which stores were affected will have to hold out a little longer though, because it sounds like Wendy’s isn’t so sure it could list them all yet, even if it wanted to. “Wherever we are finding [an issue] we’ve taken action,” Bertini explains. “But we can’t rule out that there aren’t others.” The chain operates a total of 5,700 U.S. locations.