DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Wingstop Announces Data Security Incident Affecting Four Franchise Locations

Posted on January 17, 2015 by Dissent

DALLAS — Wingstop today announced that four of its independently owned and operated franchise locations may have been impacted by a data security attack on point-of-sale (POS) systems that could have enabled attackers to capture customer payment card information such as account number, expiration date or cardholder name.

After receiving indications of suspicious activity, the company immediately retained independent forensic investigative firm, Stroz Friedberg, LLC, to review the Internet-connected POS systems at all of its US franchise locations. The forensic review and the results of the overall investigation determined that the POS terminals at four locations could have been subject to a data security incident. The details of the findings about the suspected data security incident are as follows:

  • One franchise in Corpus Christi, TX and one in Union City, CA each had malware on their POS systems between June 4, 2014 and July 31, 2014.
  • The company received one report of suspicious activity that occurred around the same time frame, involving twenty customer payment cards that had been used at one franchise in Lubbock, TX.
  • One franchise in Grand Prairie, TX had malware on its POS system between May 5, 2012 and June 27, 2012 and between November 11, 2012 and December 9, 2012.

In each instance, Wingstop assisted franchisees by immediately removing the Internet-connected POS hard drives and replacing them with new systems. Wingstop franchisees operate entirely independent POS systems that are neither managed by nor connected to a central location. The investigation of the Internet-connected POS systems has detected no evidence of malware on the systems at any other location.

“We regret that this incident occurred and apologize for any inconvenience or concern this may cause our customers,” said Charlie Morrison, CEO of Wingstop. “We will continue to work with our franchisees to enhance the security of their systems and protect the privacy and security of customer information.”

As a precaution, Wingstop urges customers of the above four locations to monitor their payment card account activity closely and report any suspicious activity to their payment card issuer immediately (addresses for the four locations can be found on the company’s website). Generally, customers are not responsible for fraudulent transactions if they notify their issuer in a timely fashion.

The incident has been reported to the relevant payment card authorities in an effort to protect customers against potential credit card fraud and Wingstop has been cooperating with law enforcement officials in the investigation of this matter. The Company is also taking steps to provide franchisees with solutions to strengthen controls and security of their POS systems.

Wingstop is offering 12 months of complimentary identity theft protection services through AllClear ID to any customer whose payment card information may have been affected. For more information about the services and for answers to any questions customers may have about the potential incident, customers may call toll-free (877) 615-3744, beginning January 16, 2015, Monday through Saturday, from 8:00 a.m. CT to 8:00 p.m. CT. The company has provided additional information, including the specific addresses of each impacted location, on its website and any future updates regarding this incident will be posted to the website at www.wingstop.com.

About Wingstop

Founded in 1994 and headquartered in Dallas, Texas, Wingstop operates and franchises more than 700 restaurants across the United States as well as Mexico, Russia, Indonesia, Philippines and Singapore.

SOURCE: Wingstop

Related posts:

  • InterContinental Hotels Group (IHG) Notifies Guests of Payment Card Incident at IHG-Branded Franchise Hotel Locations in the Americas Region
  • Risky business: Remote Desktop opened the door for Aloha hackers
Category: Business SectorHackID TheftMalwareU.S.

Post navigation

← Privacy concerns raised on Mass. medical marijuana e-mails
Ca: Anti-abortion activist snooped into patient records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.