Bad news for Dairy Queen lovers: a company spokesman confirmed today that yes, hackers have breached their customer database, stealing numbers and making fraudulent purchases with the accounts of an unknown number of customers from an unspecified number of DQ locations.
More specifically, Dairy Queen confirmed that the U.S. Secret Service had contacted them about “card-stealing malware.”
Security blogger Brian Krebs first reported on Aug. 26 that his sources in the financial industry were seeing signs indicating a Dairy Queen database breach. Banks, credit unions and other debit- or credit-card-issuing institutions from around the country were getting huge numbers of fraudulent-charge reports from customers who all had one thing in common: they'd recently used their cards at various Dairy Queen locations.
But Krebs updated his story today to report that a Dairy Queen spokesman confirmed that the Secret Service had recently contacted the company about “suspicious activity” involving malware that had been used to steal card information from “hundreds” of other retailers.
So far, that's all anybody knows: some customers, who “recently” visited some Dairy Queen locations, are at risk. As for how many customers, which specific locations in which states, and what actual time frame counts as “recently” … right now, chances are even Dairy Queen and the U.S. Secret Service don't know for sure.