Fast food hamburger chain Wendy’s which announced in February that it had discovered “reports of unusual activity involving payment cards” at some of its restaurants and was investigating the matter in order to determine the full extent of the apparent data breach, later announced in May that it indeed had been hacked and that credit and debit card numbers, expiration dates and other card information had been stolen. Then on June 9th, Wendy’s announced that it had discovered another separate hacking and data breach that had been going on since the Fall of 2015 that managed to steal credit card and debit card numbers, but not names of affected customers from 1,025 Wendy’s franchises in the United States.  Wendy’s has posted an interactive website where you can input the state and city or town of the Wendy’s franchise you may have gone to during the last year and it will tell you if it was one of the restaurants affected by the data breach.  Here is the link to the interactive website: https://payment.wendys.com/paymentcardcheck.html

Wendy’s still uses the old fashioned magnetic strip credit cards which are much easier targets for hackers than the EMV chip cards which have been required to be used by companies since October of 2015.  The rules requiring companies to switch to the new smart cards carry no specific penalty, but in the event of a data breach can result in the company not using the EMV chip cards to be responsible for the costs of fraudulent use of stolen card information.  It should also be noted that although October 1, 2015 was the deadline for retailers to switch to EMV smart card processing for credit cards and debit cards to avoid liability in the event of a data breach, the deadline for ATMs and gas station pumps to switch to the EMV smart cards is not until October 1, 2017.

TIPS

As consumers the best thing we can do is to use your EMV chip card whenever possible.  Stores such as WallMart and Target have switched to the new cards.  If you have not yet received a new EMV chip card from your credit card company, contact them and get one as soon as possible.  It still is a good idea to not use your debit card for retail purchases because the protection from liability that you get regarding fraudulent use of a debit card is not as strong as the liability protection you get when using a credit card. Further, even if you report fraudulent use of your debit card immediately to your bank, your bank account to which the card is tied will be frozen and inaccessible to you while the bank investigates the matter.

If you were a customer of Wendy’s since 2015, it is a good idea to carefully monitor the charges on your credit card for indications of fraudulent use.  Wendy’s is offering affected customers fraud consultation and identity restoration services for a year at no cost.  For instructions as to how to enroll for those services, you should call Wendy’s at 866-0845.

It is also important to note that Wendy’s will not be contacting customers to tell them about this program and will absolutely not be contacting you requesting personal information, such as your credit card number so if you receive a call, text message or email purporting to be from Wendy’s asking for such personal information, you should not provide any such information because it is a scam.