Wingstop announces payment card data security incident

If you’ve recently gotten your fingers sticky at Wingstop, then you may want to check your payment card activity.

The fast food chain announced Friday that four of its 660 locations may have been hit by a data security attack on point-of-sale (POS) systems that “could have enabled attackers to capture customer payment card information such as account number, expiration date or cardholder name”.

In a press release posted on its website, Wing Stop said, “After receiving indications of suspicious activity, we immediately retained an independent forensic investigative firm, Stroz Friedberg, LLC, to review the Internet-connected POS systems at all of our US franchise locations. The forensic review and the results of the overall investigation determined that the POS terminals at four locations could have been subject to a data security incident.”

Locations and dates of affected locations follow:

  • One franchise in Corpus Christi, TX, and one in Union City, CA, each had malware on their POS systems between June 4 and July 31, 2014.
  • The company received one report of suspicious activity that occurred around the same time, involving 20 customer payment cards that had been used at one franchise in Lubbock, TX.
  • One franchise in Grand Prairie, TX, had malware on its POS system between May 5 and June 27, 2012, and between November 11 and December 9, 2012.

Wingstop has since eradicated the compromised systems from affected franchisees, and made it clear that all franchisees operate independent POS systems and that there is no central location.

Wingstop is offering a year of identity theft protection for customers who may have been affected by the attack, which can be requested here.