Dairy QueenAfter announcing that it had suffered a data breach in September, Dairy Queen has released a statement with details on how many stores were affected. In total, 395 Dairy Queen stores and one Orange Julius store had their payment systems compromised by the infamous “Backoff” malware. This is the same malware which the U.S. Department of Homeland Security has determined to have hit more than 1,000 businesses across the country. Although the Dairy Queen breach was first reported by security blogger Brian Krebs in August, it has taken six weeks for the company to provide the full details to its customers.

What customer information was exposed?

Because this attack compromised the point-of-sales system on Dairy Queen’s cash registers, customer’s payment cards were exposed. That means the thieves stole all of the data typically found on a credit card: customer names, card numbers and expiration dates. Fortunately for debit card holders, Dairy Queen has stated that there is no evidence PINs were exposed. Other personal information, such as email addresses or social security numbers, is also safe.

How is Dairy Queen taking care of the matter?

Dairy Queen has set up a website with information about the breach, including a full list of each store that was compromised. If you used a payment card at one of these locations during the relevant time period, Dairy Queen has promised to provide one year of free credit monitoring service from AllClear ID. There is a phone number customers can call for further assistance, if necessary. Although it’s generous of Dairy Queen to offer identity theft protection for free, AllClear ID may not offer enough protection for customers impacted by the breach. For more information about how AllClear ID’s services stack up against the top-rated identity theft programs, check out our blog post comparing the services.

What steps can I take to stay safe?

1. Keep an eye on your payment card statements. If you shopped at one of the affected locations during the time of the breach, it’s important to keep an eye on your bank or credit card statements. Look for unfamiliar transactions, including those under $10, and be sure to report any suspicious activity right away. The sooner you can catch fraud, the less of a headache it will be for you to deal with. 

2. Consider requesting a new card. This may not be necessary, but if you want to prevent the headache before it begins, you can try contacting your financial institution to request a new card. Some may be reluctant to give out a new card if there haven’t been any fraudulent charges on the account, but if you are persistent, they may follow through.

3. Be wary of phishing attempts. Although email addresses and phone numbers were not exposed during this attack, customer names were. Scammers and thieves will take any opportunity they can get to take advantage of people, so you should be on the alert for phone calls or emails claiming to be from Dairy Queen or related entities. Sometimes after a data breach, a retailer will reach out to the customers affected, but this has not typically been the case. If you receive any phone calls, do not give out your personal information. Get as much information from the caller as you can, then hang up and call the customer support number on Dairy Queen’s website. If you receive an email, do not click on any links. Instead, visit DairyQueen.com and follow links to sign up for your complimentary credit monitoring service from there.

To learn more about protecting yourself from identity theft, check out our comprehensive review page.