Twenty Wendy’s restaurants throughout the Inland Empire could have been targeted by hackers.
Franchise-owned restaurants in 14 cities across San Bernardino and Riverside counties might have fallen prey to two malware attacks, the company announced Wednesday. The attacks were first reported in February. About 1,025 restaurants nationwide were affected.
The latest attack, which was disabled in early June, according to a news release, targeted payment card information including cardholder name, credit or debit card number, cardholder verification value and service code.
Wendy’s posted a searchable website where people can look for affected restaurants. The site includes locations in Beaumont, Colton, Corona, Fontana, Hemet, Highland, Lake Elsinore, Ontario, Moreno Valley, Rancho Cucamonga, Rancho Mirage, Redlands, Riverside and Temecula.
According to the website, the attacks took place from Dec. 2, 2015, to June 8, 2016. The exception was the Wendy’s at 27672 Jefferson Ave. in Temecula, which was susceptible from Jan. 13, 2016 to June 8, 2016.
The company is also offering help to people who have been victims of fraud or identity theft as a result. To learn more, call 866-779-0485 or visit www.wendys.com/notice.
During its investigation, Wendy’s did not work with local law enforcement agencies, according to Wendy’s spokesman Bob Bertini.
“Given the nature of the cyberattacks, we have been working with federal law enforcement,” he wrote in an email.
The first attack was discovered in January and affected 225 restaurants; the second was discovered in May and affected 800, Bertini wrote.
Both attacks, he wrote, “resulted from certain service providers’ remote access credentials being compromised.”
Company-run stores — there are 582 nationwide — and some franchisees service their own Point Of Sale systems, he added, while others rely on third-party providers.
The company does not yet know how many cardholders may have been affected, but it does appear that payment cards used legitimately at Wendy’s may have been used fraudulently elsewhere, Bertini wrote.
When reached by phone, Esperanza Avila, a Wendy’s franchisee in San Bernardino County, said franchisees were not authorized to speak about the incident.