The Wendy’s hack and what you need to know about it

Imagine that you go to your favorite restaurant chain, buy a couple of hamburgers, soda, fries, and pay with your credit card.

The restaurant is one of the largest in your country, so you take it for granted that everything in it is safe. In this case, we are talking about Wendy’s, a chain of franchises in the United States with thousands of establishments throughout the country.

After a few days, in the news you hear about a theft of information from Wendy’s, that information consists of credit cards … like yours.

This is the story of how a restaurant got hacked, and the lesson of how NOT to handle a problem. It doesn’t matter if your restaurant is small or a commercial monster.

What did the Wendy’s hack consist of and what consequences did it have?

At the beginning of 2016, Wendy’s, through its spokesperson, announced in the United States that “some of its stores” had been the victims of a hack (actually malware) that compromised the information of said stores, especially the card information. payment of your customers.

This is already a red flag, but the thing was worse: malware and access to information by thieves or hackers, lasted from September or October to February, that is, for months they could quietly do whatever they wanted with information.

Lawsuits from the government and individuals were swift, especially in the United States, and Wendy’s reputation was called into question.

It was discovered that the hackers took advantage of the fact that the POS (point of sale) of the restaurants were outdated, not updated and / or with weak passwords, that is, a security breach, which is how the case is known: the Wendy’s breach .

What were Wendy’s mistakes in handling the hack?

Here comes the interesting thing: what mistakes Wendy’s made and what they can teach us not to make, it does not matter if it is a problem on a miniscule scale in comparison.

Here are some management data:

• It took 12 days to realize the failure, and although it was due to notices from specialists in the field, she did not realize the failure by herself
• The company took 51 days to make the ruling public, when it affected thousands of its customers throughout the country
• It took 143 days to fix the problem and announce the exact number and location of the affected restaurants
• In total, it took 172 days between realizing the failure and its solution, although without knowing if it was definitive
• In February, they said that only “some localities” were affected; the full list was published in July, and 1.025 restaurants were affected
• Wendy’s has not made public the amounts stolen, mainly debit cards, that it has had to pay to its customers, or how many customers were affected

As you can see, even large companies have problems due to something so relatively simple: paying for adequate computer security, taking care of their clients’ information, and agility when managing said crisis.

The legal scope of this hack is unknown, or the money it will cost the chain, but one thing is known, because three years have already passed: the power of the Wendy’s brand is powerful, because its income has not been diminished despite such management.

Source: https://www.bbc.com/news/technology-36742599