Dairy Queen and at Least 1,000 Other U.S. Businesses Hit by Backoff Malware

According to reports from the U.S. Secret Service and Kaspersky Labs, malware known as Backoff has been used to attack more than 1,000 businesses. This malware targets point-of-sale retail payment systems, intercepting payment information and sending it to the fraudsters who employ it. The most recent high-profile case of this malware and data compromise targeted nearly 400 Dairy Queen restaurants.


According to Kaspersky Labs senior security researcher Roel Schouwenberg, Backoff is not a particularly advanced or sophisticated malware tool; rather, the widespread infections across merchant retail locations exemplify the weak security measures many organizations have in place. Many of the payment systems compromised by the malware have been infected for some time, as they were infected with a variant traced back to October 2013.


395 Dairy Queen restaurants fell victim to the Backoff malware, the company announced in early October, affecting about 8.5 percent of its total U.S. locations. Approximately 600,000 cards were impacted, and the exposed information included cardholder names, primary account numbers and expiration dates. The breach occurred during August and September, and Dairy Queen has provided a full list of affected stores, including the start and end dates of the compromise. The company is also providing one year of identity repair services to all customers affected by the breach.


For more information:


Backoff malware infections are more widespread than thought


Malware Hack Dips Into Dairy Queen Customer Data


U.S. Computer Emergency Readiness Team (US-CERT) Alert: Backoff Point-of-Sale Malware