Security Watch

Keeping track of patches and hacks in the IT security world.

Dairy Queen Confirms Backoff Malware Breach

The ice cream vendor is the latest organization to be impacted by point-of-sale malware.


After a month of speculation and investigation, restaurant chain International Dairy Queen officially confirmed on Oct. 9 that its stores had been the victim of a data breach.

International Dairy Queen has both the Dairy Queen ice cream chain and Orange Julius beverage locations as part of its organization, and both types of restaurants were affected by the data breach. In total, Dairy Queen has published a list of 395 of its stores across the United States that were impacted by the breach.

On the list, Dairy Queen details the start and end dates of the data breach, which occurred for varying lengths of time in August.

Dairy Queen's investigation into the incident has identified the root cause and the malware that is involved in the breach.

"As a result of our investigation, we discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the country," John Gainor, president and CEO of Dairy Queen, wrote in a letter to customers. "The investigation revealed that a third-party vendor's compromised account credentials were used to access systems at those locations."

US-CERT first began warning about Backoff malware in early August. It has since warned that more than 1,000 retailers may have been impacted by Backoff.

Backoff malware is typically injected by way of remote access into a vulnerable point-of-sale (POS) system, which appears to be what happened in the Dairy Queen incident.

The Dairy Queen breach is similar to the recently confirmed breach at Goodwill, in that a compromised third-party vendor is being blamed. The Goodwill data breach impacted up to 868,000 credit cards and 330 stores. Goodwill, however, has claimed that its stores were not breached by Backoff malware, but rather by malware known as rawpos.

Dairy Queen now joins a growing list of retailers that have publicly confirmed data breaches in 2014, including Home Depot, SuperValu, P.F. Chang's, Target and Michaels.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.