Hackers hit Dairy Queen

Edina, Minn. – Payment systems at 395 Dairy Queen stores and one Orange Julius store across the U.S. have been hit by a cyber attack that exposed payment card customer names, numbers and expiration dates. The company has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, was compromised as a result of this malware infection.



Hackers used the widely-reported Backoff malware that is targeting retailers across the country. The company previously indicated that it was investigating a possible malware intrusion with external forensic experts. The investigation revealed that a third-party vendor’s compromised account credentials were used to access systems at some locations. Parent company International Dairy Queen Inc. is working with law enforcement and independent franchise owner/operators of affected stores.



While precise timing of the intrusion varies by individual store, but the attacks took place between June and October 2014. Dairy Queen says the attack has been contained and it is offering free identity repair services for one year to customers in the U.S. who used their payment card at one of the impacted stores.



“We are committed to working with and supporting our affected DQ and Orange Julius franchise owners to address this incident,” said John Gainor, president and CEO of International Dairy Queen. “Our customers continue to be our top priority.”