Dairy Queen Data Breach Impacts Arizona Business Owners
After a few weeks of speculation, Dairy Queen has confirmed that nearly 400 locations were compromised in a recent data security breach. Among the 400 locations affected, 9 were local Arizona businesses.
Here is a list of the Arizona locations:
- Glendale, 7700 W. Arrowhead Towne Center
- Phoenix, 2623 W. Northern Ave.
- Scottsdale, 2230 N. Scottsdale Road
- Mesa, 6555 E. Southern Ave. Ste 2514
- Tempe, 5000 S. Arizona Mills Circle
- Gilbert, 3303 E. Queen Creek Road Suite 101
- Tucson, 5870 E. Broadway Blvd.
- Tucson, 4500 N. Oracle Road
- Sedona, 4551 N. Highway 89A
This makes Dairy Queen the latest victim in the Backoff malware crime spree. Most Dairy Queen locations are independently owned, making the impact even greater for those small business owners. The Dairy Queen CEO released a statement on the company website with a few details of the incident. Based on the details provided, it seems that this breach was carried out just like so many others we have heard about lately. Hackers most likely gained access to the POS system through some remote means, either a service provider account or another remote access tool. Once they gained access, they installed the Backoff malware on the POS terminals to capture card data.
This type of attack can be easily avoided or mitigated. It is crucial to have proper security controls in place when using remote access. Best practice and PCI compliance both require the use of two-factor authentication to protect against unauthorized access. Proper network monitoring can also help with early detection of a breach, so the impact can be minimized, or the breach even stopped before data is actually stolen. Based on the dates provided by DQ, the breach lasted for about two months.
Aeris Secure works hard to help small businesses like those affected by the Dairy Queen breach. We offer a free security review to all Phoenix area franchise owners to help you identify your weaknesses and improve your security before this happens to you.
For more info reach out directly via phone or email.