A week after crooks hacked into its customers' financial data, Dairy Queen still hasn't released specifics on the breach.
Still, the Edina-based company said in a statement Thursday it has "determined that only a small portion of our 4,500 U.S. stores are potential victims of the criminal activity. The stores are not geographically clustered and each has a mitigation plan."
Those mitigation plans include using lower-risk methods of processing credit or debit cards — and accepting cash only.
Dairy Queen, owned by Warren Buffett's Berkshire Hathaway, is a well-known purveyor of ice cream and fast food with about 275 stores in Minnesota alone. Dean Peters, a Dairy Queen spokesman, couldn't say how many stores or customers in Minnesota — or any other state — have been affected by the breach.
"We are doing everything we can right now to get that information and get it as soon as possible," Peters said.
Dairy Queen's efforts to track the hack may be complicated by its business structure. Almost all of its stores are owned by franchisees, so there could be a multiplicity of information technology systems. Dairy Queen has 3,000 franchisees in the United States, many operating just a handful of stores.
Of course, such a decentralized system like Dairy Queen's may also have impeded a wider hack.
The forensic examination of any major corporate hack can take a while, said Patrick McBride, vice president of marketing and communications at cyber intelligence firm iSight Partners.
