DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Wingstop Announces Data Security Incident Affecting Four Franchise Locations

Posted on January 17, 2015 by Dissent

DALLAS — Wingstop today announced that four of its independently owned and operated franchise locations may have been impacted by a data security attack on point-of-sale (POS) systems that could have enabled attackers to capture customer payment card information such as account number, expiration date or cardholder name.

After receiving indications of suspicious activity, the company immediately retained independent forensic investigative firm, Stroz Friedberg, LLC, to review the Internet-connected POS systems at all of its US franchise locations. The forensic review and the results of the overall investigation determined that the POS terminals at four locations could have been subject to a data security incident. The details of the findings about the suspected data security incident are as follows:

  • One franchise in Corpus Christi, TX and one in Union City, CA each had malware on their POS systems between June 4, 2014 and July 31, 2014.
  • The company received one report of suspicious activity that occurred around the same time frame, involving twenty customer payment cards that had been used at one franchise in Lubbock, TX.
  • One franchise in Grand Prairie, TX had malware on its POS system between May 5, 2012 and June 27, 2012 and between November 11, 2012 and December 9, 2012.

In each instance, Wingstop assisted franchisees by immediately removing the Internet-connected POS hard drives and replacing them with new systems. Wingstop franchisees operate entirely independent POS systems that are neither managed by nor connected to a central location. The investigation of the Internet-connected POS systems has detected no evidence of malware on the systems at any other location.

“We regret that this incident occurred and apologize for any inconvenience or concern this may cause our customers,” said Charlie Morrison, CEO of Wingstop. “We will continue to work with our franchisees to enhance the security of their systems and protect the privacy and security of customer information.”

As a precaution, Wingstop urges customers of the above four locations to monitor their payment card account activity closely and report any suspicious activity to their payment card issuer immediately (addresses for the four locations can be found on the company’s website). Generally, customers are not responsible for fraudulent transactions if they notify their issuer in a timely fashion.

The incident has been reported to the relevant payment card authorities in an effort to protect customers against potential credit card fraud and Wingstop has been cooperating with law enforcement officials in the investigation of this matter. The Company is also taking steps to provide franchisees with solutions to strengthen controls and security of their POS systems.

Wingstop is offering 12 months of complimentary identity theft protection services through AllClear ID to any customer whose payment card information may have been affected. For more information about the services and for answers to any questions customers may have about the potential incident, customers may call toll-free (877) 615-3744, beginning January 16, 2015, Monday through Saturday, from 8:00 a.m. CT to 8:00 p.m. CT. The company has provided additional information, including the specific addresses of each impacted location, on its website and any future updates regarding this incident will be posted to the website at www.wingstop.com.

About Wingstop

Founded in 1994 and headquartered in Dallas, Texas, Wingstop operates and franchises more than 700 restaurants across the United States as well as Mexico, Russia, Indonesia, Philippines and Singapore.

SOURCE: Wingstop

Category: Business SectorHackID TheftMalwareU.S.

Post navigation

← Privacy concerns raised on Mass. medical marijuana e-mails
Ca: Anti-abortion activist snooped into patient records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.