Arby's Data Breach: How to find out if your card was compromised

Arby's Data Breach: How to find out if your card was compromised
The interior of Arby's new "Inspire" restaurant design. (PRNewsFoto/Arby's Restaurant Group, Inc.) THIS CONTENT IS PROVIDED BY PRNewsfoto and is for EDITORIAL USE ONLY**
Source: Uncredited/AP
The interior of Arby's new "Inspire" restaurant design. (PRNewsFoto/Arby's Restaurant Group, Inc.) THIS CONTENT IS PROVIDED BY PRNewsfoto and is for EDITORIAL USE ONLY**
Source: Uncredited/AP

That Arby's roast beef sandwich and curly fries may end up costing a lot more than you anticipated. 

At least 355,000 credit and debit cards have been compromised through a security breach at "a large fast food restaurant chain," according to PSCU, a servicing company for credit unions. That chain seems to be Arby's, news that was first reported by the security journalist Brian Krebs, of KrebsOnSecurity

Arby's confirmed to Krebs that a breach had indeed affected hundreds of stores, although it declined to comment on how long the payments processors were compromised. The PSCU alert said the breach likely happened between Oct. 25 and Jan. 19, according to Krebs.

"Arby’s Restaurant Group, Inc., was recently provided with information that prompted it to launch an investigation of its payment card systems," Arby’s senior vice president of communications Christopher Fuller emailed Mic.

"While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted," Fuller wrote. "ARG reminds guests that it is always advisable to closely monitor their payment card account statements for any unauthorized activity. If guests discover any unauthorized charges, they should report them immediately to the bank that issued their card."

The company is still investigating the extent of the breach, which reportedly affected hundreds of stores.
Source: Wilfredo Lee/AP

Arby's Fuller also declined to comment to Mic on the number of restaurant locations affected, but said it was informed of the breach in mid-January.

Krebs noted that most point-of-purchase scams involve installing malware on a physical device or logging in remotely. 

Hackers then use the malware to pull personal data off of your credit and debit cards: Once they've got your personal info, they then sell it to a separate class of scammers who specialize in encoding that data onto magnetic strips.

Then they can use those to go make purchases — just as if they were you, reported Krebs.

"The continuing saga of retail data breaches have become a national nightmare," National Association of Federally-Insured Credit Unions president and CEO Dan Berger said in a press release about the Arby's security breach.

Concerned about your personal information?

KrebsOnSecurity wrote there's "no substitute" for paying attention to your credit and debit card statements: Report errors to your processor ASAP. 

Credit cards also have more expansive fraud protection than debit cards, so if you've been hesitant about picking up some plastic, consider the upside: Fraudulent charges will never set you back more than $50 — whereas your debit card account can be totally wiped out.

And be sure to always use rigorous, long passwords to protect your online accounts, along with two-factor authentication whenever possible.

Finally, check out Mic's guide to spotting a card skimmer and to protecting yourself from fraud.

Sign up for The Payoff — your weekly crash course on how to live your best financial life. Additionally, for all your burning money questions, check out Mic’s creditsavingscareerinvesting and health care hubs for more information — that pays off.