Dairy Queen cuts the waffle, says bank cards creamed in 395 eateries

Dairy Queen has admitted to being hacked, six weeks after reports first surfaced that the US fast-food chain's tills were compromised. "We discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the …

  1. Jan 0

    P K

    > ... and will offer one year's subscription to an identity repair service

    That's just so Dickian, the future really is arriving fast.

    1. Marketing Hack Silver badge

      Re: P K

      I don't know about Dickian, but certainly a dick move!!

    2. Anonymous Coward

      Re: P K

      Haha, screw that. Tell them what they really need to do is convince Congress to unfuck us. Pass a law making CCs and SSNs and all such 'secret numbers' null and void for legal/financial purposes.

      1. perlcat

        @tnovelli

        Exactly. The entire identity theft industry is predicated on the stunning negligence in using someone else's numbering system as a financial identity. (It began as stunning ignorance, but morphed into stunning negligence as people became aware of all the places it is being misused.) In a sane world, the only thing a social security number thief should be able to do is collect your benefit and pay your taxes.

        Not sure how you could avoid using a credit card number for financial purpose, though.

  2. ecofeco Silver badge

    Another week....

    Another breach.

    Any bets for next week? Retail, financial or government?

    1. Mark 85 Silver badge

      Re: Another week....

      Yes, all the above. I guess it's just a matter of time until the miscreants own all of us. And we thought the 5-eyes were efficient. Sheesh......

    2. ecofeco Silver badge

      Re: Another week....

      Looks like that shoe dropped already.

      K-mart.

  3. PowerMan@thinksis

    PowerSC & encryption

    The social experiment of "good enough" technology running Windows or open source software is coming to a head with damn near every American impacted. From Neiman-Marcus to Nordstroms to K-Mart this covers about everyone. PF Changs to DQ. Organizations like Target chose "low cost" Dell servers running Windows in every store because of "cost". It was recently reported to have cost them over $250M while their business is down some 40%. When will these companies wake up and take (cyber) security seriously? If they did, they should start with AIX using PowerSC or Security & Compliance. I'm sitting at McCarran airport leaving the Enterprise (IBM Power & Z) conference where I just delivered several presentations (as a Business Partner) on PowerSC to customers. You have to protect the stack plus the perimeter. With built-in encrypted filesystems that use the encryption accelerations on Power servers, Trusted Execution, Security Expert plus PowerSC features like Real Time Compliance and the Trusted suite of Boot, Logging and Firewall. Time to get back to using secure technology for the right workloads.

    1. usbac

      Re: PowerSC & encryption

      Yeah, that's what we all need is more proprietary crap.

      We used to run a retail system on AIX. We couldn't get rid of it fast enough. Anytime IBM is involved, you just add a few zeros to all of the prices.

      Your idea of "IBM knows how to make it secure, just give us tons and tons of money, we'll fix it" doesn't work for most businesses.

      It's not the "low cost Dell servers" that are the problem, it's all of the crap code running on them that was written by some third world, lowest bidder outsourcer that's the problem.

      Running Windows on any POS system seems to be asking for trouble to me. When I ask vendors why they use Windows as an OS for point of sale, they tell me that all of their developers know how to code for Windows. My suggestion is always "get better developers, then".

      1. Anonymous Coward

        Re: PowerSC & encryption

        "My suggestion is always "get better developers, then"."

        The response is normally, "It costs more to get better developers than to pay off for the thefts."

        Besides, no security system on Earth can do much against an insider, which I suspect is the culprit behind many of the hack jobs.

    2. Gene Cash Silver badge

      Re: PowerSC & encryption

      It has nothing to do with cheap tech, it has to do with cheap people.

      Target had intrusion alarms logged before the hackers were in a position to steal info, but nobody was paid to look at them. The tech did its part, the people failed.

      All those buzzwords don't mean a thing if the CTO doesn't give a crap about security.

      1. P. Lee Silver badge

        Re: PowerSC & encryption

        >It has nothing to do with cheap tech, it has to do with cheap people.

        Also, while it's fun to poke Windows POS stuff, it is usually a hardware issue. If you can reboot the thing off removable media, it isn't likely that the OS will save you.

  4. Donn Bly

    List not complete

    The list of locations compromised, and the dates compromised, are larger than admitted.

    On May 22 my daughter's card was used at Dairy Queen in Auburn, Indiana

    On May 23 it was used at two online file sharing services to open accounts

    The card was cancelled and a new card issued

    On July 22 the new card was used at the same Dairy Queen

    On July 23 the new card was used to open accounts at two online sharing sites

    The brand new card had only been used at 2 other locations prior to being used at Dairy Queen.

    1. chivo243 Silver badge

      Re: List not complete

      Like they say... Fool me once shame on you, fool me twice shame on me. Buy ice cream with plastic? How much ice cream was purchased?

      1. Richard 12 Silver badge

        Re: List not complete

        I do this pretty often. Ok, I don't tend to buy ice cream very often but the same scale of transaction.

        When travelling to forn parts it's usually cheaper to buy everything on plastic rather than cash as my card gets a better rate than over-the-counter foreign exchange, and I don't end up with a pile of small change that I can't use.

    2. Anonymous Coward

      Re: List not complete

      I think it's far more likely that your daughter just likes file sharing sites....

  5. The Grump

    Time to reinvent the wheel...

    and begin to use cash again. Yeah, it's the end of Amazon, but what can we do ? Hackers have proven they can penetrate any security - from the military, to banks, to businesses like Home Depot and Target, and now they have penetrated the security of Dairy Queer...er...Dairy Queen. (Sorry, but that's what I call it. I wouldn't eat there, period).

    Yeah, it's a pain, but you need to get off your butt, and go to the bank to get real money. Cash cannot be hacked. Now I'm off to bang rocks together to create fire. Fire good - credit card bad.

    1. Charles 9 Silver badge

      Re: Time to reinvent the wheel...

      But cash CAN be stolen...or counterfeited...

      1. chivo243 Silver badge

        Re: Time to reinvent the wheel...

        I'd rather the thugs take my 40 $-€-Quid pocket cash, than have them empty all my cash out of my bank account.

      2. Tom 38 Silver badge

        Re: Time to reinvent the wheel...

        But cash CAN be stolen...or counterfeited...

        I'll never forget the time I got done over by counterfeiters, they took my wallet, made me sit there for 3 days while they traced the £20 note and made copies before giving it back to me and letting me go. Bloody counterfeiters.

  6. frank ly

    Just give them a copy of your house key and let them get on with it

    " ... but the code didn't get hold of stuff like Social Security numbers, PINs or email addresses."

    Why would anyone give this information to a high street retail outlet? After being 'hit' by spam e-mail and spam phone calls/txts some years ago, I now tell anyone who asks that I don't have a mobile phone and that I don't use e-mail. They seem surprised but they still sell me stuff.

  7. bex

    the time of the bank card is over

    with the other safer options that don't expose people's bank accounts maybe the banks need to ditch the direct payment card.

  8. roger stillick

    DQ reverts to imprinting cards, creating script $$$

    Local DQ restaurants on the NW Oregon Coast are using paper script made by running an imprinter for each card purchase...something done 20 years ago everywhere...the script is harmless and no one was ever dumb enough to try to counterfeit it...

    Q= if the imprinted info on the paper form is good enough to be converted back into restaurant account funds and credit / debit billing to an individual...WHY IS ALL THAT EXTRA DATA NEEDED FOR A SWIPED CARD TRANSACTION ?? (please forgive my yelling, this has been driving me nuts ever since I found what was on the striping of my Costco Card= my entire financial history with them= WHY ?? ).

    IMHO= simple greed by everyone needs to go away... Here in the good old USA we are going to chipped cards next year to fix this, you and I both know that will not 'fix' this...RS.

    1. jonathanb Silver badge

      Re: DQ reverts to imprinting cards, creating script $$$

      Point of sale fraud is much lower in Europe since Chip&Pin was introduced over 10 years ago. Card authentication takes place on the card reader, and it simply reports back to the till that it was successful, or not successful, as the case may be. It hasn't completely eliminated fraud, but it has certainly improved the situation.

  9. Anonymous Coward

    American businesses love to swipe credit cards directly into their POS systems for some stupid reason. My guess is that they harvest the credit card data so they can track individual customer purchasing habits.

    In Canada at least, most businesses have separate bank-supplied chip-and-pin machines.

    1. seacook

      No Chip & PIN for Lowe's

      >Lowe's got hacked a few weeks ago. Could not understand why there may have been an issue with Canadian stores. Went shopping there on the weekend. Found that I needed to swipe and sign on my credit card transaction. No Chip & PIN in their Canadian locations! Left the goods at the cashier.

      Time to start hanging the CEOs and CIOs up by their bits using piano wire. No trial. No mea culpa. Straight to the bar.
