Edina-based Dairy Queen is facing a blizzard of questions about the security of its system that takes customer payment information.
Brian Krebs, the journalist who runs the website KrebsOnSecurity, writes that his "sources in the financial industry say they’re seeing signs that Dairy Queen may be the latest retail chain to be victimized by cybercrooks bent on stealing credit and debit card data."
Krebs said that he first started hearing about the DQ problems two weeks ago. Since then he said he has heard from multiple financial institutions that say they've observed "a pattern of fraud on cards that were recently used at various Dairy Queen locations in several states." He adds that his sources say "these same cards are being sold in the cybercrime underground."
But Krebs concludes that Dairy Queen might not be positioned to be aware of any such security problems. While Dairy Queen told Krebs it has "no indication that it has experienced a security breach," the fast food company acknowledged it has no established company processes for its thousands of franchisees to communicate with DQ headquarters about security issues or card breaches.
Krebs broke the story last December about the massive data breach at Target, which ultimately touched millions of its customers and took a bite out of the discounter's profits. Now the Dairy Queen story is getting traction in the financial press. The Wall Street Journal morning report published a short review of the Krebs story in its Wednesday morning update.
The Krebs report said that the "pattern of fraud" indicates DQ franchisees may have been breached as far back as in early June. He said it's not clear how many, or even if, Dairy Queen’s 4,500 domestic, independently-run stores have been hit.