Dairy Queen still light on details of data breach

With more than 3,000 franchisees, connecting dots will take time.

By Mike Hughlett Star Tribune

September 4, 2014 — 9:45pm

A week after crooks hacked into its customers' financial data, Dairy Queen still hasn't released specifics on the breach.

Still, the Edina-based company said in a statement Thursday it has "determined that only a small portion of our 4,500 U.S. stores are potential victims of the criminal activity. The stores are not geographically clustered and each has a mitigation plan."

Those mitigation plans include using lower-risk methods of processing credit or debit cards — and accepting cash only.

Dairy Queen, owned by Warren Buffett's Berkshire Hathaway, is a well-known purveyor of ice cream and fast food with about 275 stores in Minnesota alone. Dean Peters, a Dairy Queen spokesman, couldn't say how many stores or customers in Minnesota — or any other state — have been affected by the breach.

"We are doing everything we can right now to get that information and get it as soon as possible," Peters said.

Dairy Queen's efforts to track the hack may be complicated by its business structure. Almost all of its stores are owned by franchisees, so there could be a multiplicity of information technology systems. Dairy Queen has 3,000 franchisees in the United States, many operating just a handful of stores.

Of course, such a decentralized system like Dairy Queen's may also have impeded a wider hack.

The forensic examination of any major corporate hack can take a while, said Patrick McBride, vice president of marketing and communications at cyber intelligence firm iSight Partners.

While not commenting directly on Dairy Queen, he said that "in trying to sort out exactly what happened, how many stores and how many customers are involved, there's a lot of dots to connect, a lot of breadcrumbs to follow. It's always a difficult task."

Dairy Queen was stricken with "Backoff" malware, and last week the U.S. Department of Homeland Security said that more than 1,000 retailers could have been hit by it.

Backoff is believed to be behind a hack announced in mid-August by Eden Prairie-based Supervalu, which affected just over 1,000 grocery and liquor stores; and the massive attack on Target during the 2013 holiday season, which exposed the financial data of 70 million customers.

Mike Hughlett • 612-673-7003

StarTribune

Dairy Queen still light on details of data breach

Biden administration set to provide $6.1 billion to Micron Technology for chip plants in NY, Idaho

US reimposes oil sanctions on Venezuela as hopes for a fair presidential election fades

Who owns businesses in California? A lawmaker wants the public to know

CSX profit drops 10% despite railroad delivering 3% more freight in first quarter

Tennessee judge wants more information on copyright before ruling on school shooter's writings