You may have seen the headlines today that quick-serve restaurant Arby’s had its systems breached and hundreds of thousands of card records are suspected to have been stolen. The most detailed report of this breach is posted on Krebs on Security:
A spokesperson for Atlanta, Ga.-based Arby’s said the company was first notified by industry partners in mid-January about a breach at some stores, but that it had not gone public about the incident at the request of the FBI.
The first clues about a possible breach at the sandwich chain came in a non-public alert issued by PSCU, a service organization that serves more than 800 credit unions.
The alert sent to PSCU member banks advised that PSCU had just received very long lists of compromised card numbers from both Visa and MasterCard. The alerts stated that a breach at an unnamed retailer compromised more than 355,000 credit and debit cards issued by PCSU member banks.
If the report is correct that PSCU alone has already identified 355,000 compromised cards, then this could turn out to be a rather large breach.
The breach that Arby’s experienced was caused by malware that they believe they have now eradicated from their systems. Unfortunately these types of events are not preventable with EMV technology.
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story here