International Dairy Queen, Inc. has confirmed the conclusion of an external investigation that found customer payment card data at 395 stores in the United States, including a St Augustine Dairy Queen, was exposed when a third-party vendor’s account credentials were compromised and used to access systems at those locations.
Associate Vice President of Communications for American Dairy Queen Corporation, Dean A. Peters, made the announcement to Historic City News and the national media in a published alert that identified the store locations where the computer malware intrusions occurred.
“Affected franchise owners, law enforcement authorities and the payment card brands, participated in the investigation to assess the nature and scope of the issue,” Peters wrote. “Nearly 400 of our stores had been infected with the widely-reported Backoff malware.”
If you used your card to make purchases between Wednesday, August 06, 2014 and Saturday, August 30, 2014, at the St Augustine Dairy Queen Brazier located at 2375 SR-16, you should take the necessary steps to protect yourself from the consequences of this data intrusion.
The affected systems contained payment card customer names, numbers and expiration dates. The company has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, was compromised as a result of this malware infection.
As a precaution, the company is offering free identity repair services for one year to customers in the U.S. who used their payment card at one of the impacted DQ or Orange Julius locations during the relevant time period. Peters is reporting that, based on the investigation, “we are confident that this malware has been contained.” John Gainor, president and CEO of International Dairy Queen, said, “We are committed to working with and supporting our affected DQ and Orange Julius franchise owners to address this incident.”
THE FOLLOWING COUNTER-MEASURES ARE RECOMMENDED:
Order Your Free Credit Report. To order your free credit report, visit www.annualcreditreport.com, call toll-free at 1-877-322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.consumer.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three nationwide consumer reporting agencies provide free annual credit reports only through the website, toll-free number or request form.
When you receive your credit report, review it carefully. Look for accounts you did not open. Look in the “inquiries” section for names of creditors from whom you haven’t requested credit. Some companies bill under names other than their store or commercial names. The consumer reporting agency will be able to tell you when that is the case. Look in the “personal information” section for any inaccuracies in your information (such as home address and Social Security number). If you see anything you do not understand, call the consumer reporting agency at the telephone number on the report. Errors in this information may be a warning sign of possible identity theft. You should notify the consumer reporting agencies of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected. If there are accounts or charges you did not authorize, immediately notify the appropriate consumer reporting agency by telephone and in writing. Consumer reporting agency staff will review your report with you. If the information can’t be explained, then you will need to call the creditors involved. Information that can’t be explained also should be reported to your local police or sheriff’s office because it may signal criminal activity.
Identity Repair Services. We are offering affected customers in the U.S. who used their payment card at one of the impacted Dairy Queen locations or the one impacted Orange Julius location during the relevant time period identity repair services (AllClear SECURE) from AllClear ID for one year at no cost to them. These services start on October 9, 2014 and will be available at any time during the next 12 months. These services provide affected customers with a dedicated investigator to assist them with fraud-related issues arising from this incident. These services are automatically available to affected customers and no enrollment is required. Affected customers may receive these fraud assistance services by calling 1-855-865-4456.
Report Incidents. If you detect any unauthorized transactions in a financial account, promptly notify your payment card company or financial institution. If you detect any incident of identity theft or fraud, promptly report the incident to law enforcement, the FTC and your state Attorney General. If you believe your identity has been stolen, the FTC recommends that you take these steps:
- Close the accounts that you have confirmed or believe have been tampered with or opened fraudulently. Use the FTC’s ID Theft Affidavit (available at www.ftc.gov/idtheft) when you dispute new unauthorized accounts.
- File a local police report. Obtain a copy of the police report and submit it to your creditors and any others that may require proof of the identity theft crime.
You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft and how to repair identity theft:
Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue, NW
Washington, DC 20580
Consider Placing a Fraud Alert on Your Credit File. To protect yourself from possible identity theft, consider placing a fraud alert on your credit file. A fraud alert helps protect you against the possibility of an identity thief opening new credit accounts in your name. When a merchant checks the credit history of someone applying for credit, the merchant gets a notice that the applicant may be the victim of identity theft. The alert notifies the merchant to take steps to verify the identity of the applicant. You can place a fraud alert on your credit report by calling any one of the toll-free numbers provided below. You will reach an automated telephone system that allows you to flag your file with a fraud alert at all three consumer reporting agencies. For more information on fraud alerts, you also may contact the FTC as described above.
Equifax Equifax Credit Information Services, Inc.
P.O. Box 740241
Atlanta, GA 30374
1-800-525-6285 www.equifax.com Experian Experian Inc.
P.O. Box 9554
Allen, TX 75013
1-888-397-3742 www.experian.com TransUnion TransUnion LLC
P.O. Box 2000
Chester, PA 19022-2000
Consider Placing a Security Freeze on Your Credit File. You may wish to place a “security freeze” (also known as a “credit freeze”) on your credit file. A security freeze is designed to prevent potential creditors from accessing your credit file at the consumer reporting agencies without your consent. There may be fees for placing, lifting, and/or removing a security freeze, which generally range from $5-$20 per action. Unlike a fraud alert, you must place a security freeze on your credit file at each consumer reporting agency individually. For more information on security freezes, you may contact the three nationwide consumer reporting agencies or the FTC as described above. As the instructions for establishing a security freeze differ from state to state, please contact the three nationwide consumer reporting agencies to find out more information.
The consumer reporting agencies may require proper identification prior to honoring your request. For example, you may be asked to provide:
- Your full name with middle initial and generation (such as Jr., Sr., II, III)
- Your Social Security number
- Your date of birth
- Addresses where you have lived over the past five years
- A legible copy of a government-issued identification card (such as a state driver’s license or military ID card)
- Proof of your current residential address (such as a current utility bill or account statement)