Dairy Queen data breach hits 395 stores

Ice cream and fast food chain Dairy Queen announced today that between August and September of this year 395 of its stores were breached, including 16 stores in Georgia.

Dairy Queen said that hackers may have gained access to customer names, credit and debit card numbers and expiration dates when its payment systems were breached.

In a press release, Dairy Queen announced that it is working with law enforcement authorities and credit card companies to investigate the breach.  According to the investigation, a third-party vendor’s compromised account credentials were used to access the systems.

All organizations that store, transmit or process payment card holder data must comply with the Payment Security Industry Data Security Standard (PCI DSS) in order to decrease the risk of online payment card fraud.

It seems likely that Dairy Queen’s third-party vendor who dealt with the payment data will likely to be in breach of the PCI DSS. Failing to meet the PCI DSS can result in large fines, paid to your acquiring bank. Find out more about the PCI DSS’s requirements here >>

The extent of the breach – how many people have been affected – is not yet known.