Wendy's has apologized and offered help to customers affected by a massive cyberattack that has affected nearly one in five of its restaurants nationwide. The company says credit and debit card data was stolen by malware in payment terminals at 1,025 US locations, all of them franchisee-owned, Restaurant News reports. The data theft began in late fall last year, Wendy's says. The chain has urged customers to check their statements for possible fraudulent purchases and has set up a website for people to check whether a Wendy's restaurant they visited has been affected by what the BBC describes as one of the most significant hacks in US history.
Wendy's announced earlier this year that it was investigating malware in around 300 stores, but it later discovered that the hack was much more wide-ranging than it thought, the AP reports. The company says the hackers were able to obtain card numbers, names, expiration dates, and codes, some of which were used to make fraudulent purchases elsewhere. Security researcher Graham Cluley warns that many victims won't realize they're at risk. "For most of us, it's not a red letter day if we go to somewhere like Wendy's," he tells the BBC. "And people won't have registered which one they went to and where they were in the country when it happened." The assistance Wendy's is offering affected customers includes free credit monitoring for a year. (More Wendy's stories.)