Dairy Queen Data Breach Impacts Almost 400 Stores

Fast food chain Dairy Queen today confirmed a data breach of payment card data at some of its U.S. locations, which include Dairy Queen and Orange Julius stores. Signs of the breach were reported as early as late August, but the Minnesota-based company had yet to confirm the cyberattack.

The breach compromised customer names, payment card numbers and card expiration dates for credit and debit cards used at 395, or just less than 9%, of Dairy Queen’s U.S. locations in 45 states and Washington, D.C. Dairy Queen visitors in Kentucky may have been hit the hardest, as there are more than 50 Kentucky locations on the list of affected stores, more than any other state. (It’s unclear if Kentucky has an extraordinary number of Dairy Queens to begin with or if the malware happened to infiltrate a higher share of stores in the state — regardless, there’s a high number of compromised Dairy Queens in Kentucky. Its neighbor Indiana had the second-highest number of breached stores, with 30.)

Dairy Queen confirmed it is one of many victims of the Backoff malware, which is said to have infiltrated hundreds of American retailers. While it’s certainly problematic for consumers to lose control of their payment information — it’s frequently sold on the black market and used to make fake credit cards or fraudulent card-not-present transactions — Dairy Queen’s statement said, “We have no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, were compromised as a result of this malware infection.”

The malware entered store payment systems as early as Aug. 1 and captured payment data through early September, in some cases. The breach dates for specific locations are included on Dairy Queen’s online list of affected stores. Consumers should monitor their credit and debit card activity for fraudulent transactions — that’s a good habit to practice whether or not you enjoy the occasional Blizzard — and contact their card issuers as soon as they detect unauthorized activity.

“I think if I had a debit card and I shopped at a Dairy Queen in the time frame, I would ask the bank to change my debit card number,” said Adam Levin, identity theft expert and chairman and co-founder of Credit.com. It’s a similar situation to other breaches consumers have read about, Levin said, and the best way to react is to monitor your card transactions. Most banks and card issuers allow you to sign up for transaction alerts for free.

Get everything you need to master your credit today.

Get started for free

Beyond regularly checking account activity, it’s a good idea to stay updated on your credit score, because credit card fraud can damage your credit standing. If fraudsters run up your credit card balance, your credit utilization rate will rise, and your credit score will suffer. To minimize fraud-related credit damage, check your scores frequently: You can get two of your credit scores for free on Credit.com, with updates every 14 days. With these commonly occurring data breaches, there’s not much for consumers to do other than watch their accounts so they can act at the first signs of fraud.