Arby’s Restaurant Group, Inc., has confirmed that a breach affected payment systems at its corporate restaurant locations.
Information security investigative journalist Brian Krebs first learned something was up when several banks and credit unions reached out to him inquiring if he had heard of an incident involving Arby’s. He subsequently reached out to the Atlanta-headquartered fast food restaurant chain about those inquiries. In response, a spokesperson for the company confirmed in a statement it had received reports about a breach in mid-January but hadn’t publicly disclosed it at the request of the FBI.
“Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems. Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts, including Mandiant. While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.”