According to a Thursday report on Yahoo News, Dairy Queen is the latest business to experience a serious credit card breach, and Tennessee is suspected to be one of the states affected. The restaurant chain has confirmed that "customer data at a limited of stores may be at risk."
Dairy Queen had originally denied an earlier report of a security breach from KrebsonSecurity.com. While the details are just developing, the stolen credit card data appears to have been stolen from cards used at Dairy Queen locations in Florida, Alabama, Indiana, Illinois, Kentucky, Ohio, Tennessee and Texas. This list of affected states was compiled by KrebsonSecurity.com from financial institutions who reported recent fraud on accounts used at the restaurant.
A frightening observation was made by most reporters covering this story. Dairy Queen does not have a policy regarding the reporting of security breaches at the independently-owned franchises. The company admitted that there was no policy in place that required the franchisees to communicate with the main office when criminal theft of customer data was suspected. This seems almost incredible in a time when even the most seemingly impenetrable security is not enough.
There has been a recent rash of security breaches reported around the world. The Department of Homeland Security has issued an advisory about the Backoff malware which is the suspected culprit in the Dairy Queen breach. The document stated that the Secret Service has estimated that over 1,000 businesses in the United States are affected by the Backoff malware. Businesses are directed to exercise great caution by contacting their IT teams and antivirus providers to determine whether their data has been compromised.