International Dairy Queen, the company behind the ice cream and fast food chains DQ and Orange Julius, says the systems of some DQ locations and one Orange Julius location in the U.S. fell victim to the Backoff malware. The company conducted an investigation, including retaining external forensic experts.

Nearly all DQ and Orange Julius locations are independently owned and operated, and the company says the investigation revealed that a third-party vendor’s compromised account credentials were used to access systems at some locations.  The Backoff malware is believed to have impacted payment card data at 395 of the 4,500 U.S. locations. The affected systems contained payment card customer names, numbers and expiration dates. 

[Image courtesy: Dairy Queen]