DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Wingstop Announces Data Security Incident Affecting Four Franchise Locations

Posted on January 17, 2015 by Dissent

DALLAS — Wingstop today announced that four of its independently owned and operated franchise locations may have been impacted by a data security attack on point-of-sale (POS) systems that could have enabled attackers to capture customer payment card information such as account number, expiration date or cardholder name.

After receiving indications of suspicious activity, the company immediately retained independent forensic investigative firm, Stroz Friedberg, LLC, to review the Internet-connected POS systems at all of its US franchise locations. The forensic review and the results of the overall investigation determined that the POS terminals at four locations could have been subject to a data security incident. The details of the findings about the suspected data security incident are as follows:

  • One franchise in Corpus Christi, TX and one in Union City, CA each had malware on their POS systems between June 4, 2014 and July 31, 2014.
  • The company received one report of suspicious activity that occurred around the same time frame, involving twenty customer payment cards that had been used at one franchise in Lubbock, TX.
  • One franchise in Grand Prairie, TX had malware on its POS system between May 5, 2012 and June 27, 2012 and between November 11, 2012 and December 9, 2012.

In each instance, Wingstop assisted franchisees by immediately removing the Internet-connected POS hard drives and replacing them with new systems. Wingstop franchisees operate entirely independent POS systems that are neither managed by nor connected to a central location. The investigation of the Internet-connected POS systems has detected no evidence of malware on the systems at any other location.

“We regret that this incident occurred and apologize for any inconvenience or concern this may cause our customers,” said Charlie Morrison, CEO of Wingstop. “We will continue to work with our franchisees to enhance the security of their systems and protect the privacy and security of customer information.”

As a precaution, Wingstop urges customers of the above four locations to monitor their payment card account activity closely and report any suspicious activity to their payment card issuer immediately (addresses for the four locations can be found on the company’s website). Generally, customers are not responsible for fraudulent transactions if they notify their issuer in a timely fashion.

The incident has been reported to the relevant payment card authorities in an effort to protect customers against potential credit card fraud and Wingstop has been cooperating with law enforcement officials in the investigation of this matter. The Company is also taking steps to provide franchisees with solutions to strengthen controls and security of their POS systems.

Wingstop is offering 12 months of complimentary identity theft protection services through AllClear ID to any customer whose payment card information may have been affected. For more information about the services and for answers to any questions customers may have about the potential incident, customers may call toll-free (877) 615-3744, beginning January 16, 2015, Monday through Saturday, from 8:00 a.m. CT to 8:00 p.m. CT. The company has provided additional information, including the specific addresses of each impacted location, on its website and any future updates regarding this incident will be posted to the website at www.wingstop.com.

About Wingstop

Founded in 1994 and headquartered in Dallas, Texas, Wingstop operates and franchises more than 700 restaurants across the United States as well as Mexico, Russia, Indonesia, Philippines and Singapore.

SOURCE: Wingstop

Related posts:

  • InterContinental Hotels Group (IHG) Notifies Guests of Payment Card Incident at IHG-Branded Franchise Hotel Locations in the Americas Region
  • Risky business: Remote Desktop opened the door for Aloha hackers
Category: Business SectorHackID TheftMalwareU.S.

Post navigation

← Privacy concerns raised on Mass. medical marijuana e-mails
Ca: Anti-abortion activist snooped into patient records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.