Who: Wendy’s Co.

# of Records: Credit Card Data from 1000 Wendy’s locations

When it happened: 2015 and 2016

What happened: Criminals installed malware on the restaurants’ point-of-sale systems exposing the credit card information of customers at more than 1,000 Wendy’s locations in 2015 and 2016.

How it happened: At least 1,025 Wendy’s locations were hit by a malware-driven credit card breach that began in the fall of 2015 when an unnamed third-party Point of Sales provider was hacked. This third-party vendor provided POS services to franchised Wendy’s locations and maintained remote access to the compromised cash registers.

Outcome: Wendy’s agreed to pay $50 million in negligence claims to 26 financial institutions to settle claims following a data-card breach that hit the chain in 2015 and 2016. The company had previously settled a class action lawsuit last September from customers affected by the data breach.