Arby's fans beware: you might have spent only a few bucks on lunch, but there's a chance that your roast beef sandwich craving ended up costing you a pretty penny without your knowledge.
The famous fast food chain announced on Feb. 9 that somebody had installed malware onto its credit card-processing software at hundreds of restaurants around the country, according to KrebsOnSecurity.
"Arby's Restaurant Group, Inc. was recently provided with information that prompted it to launch an investigation of its payment card systems," the company said in a written statement to KrebsOnSecurity.
Arby's did not state how long they determined the malware to be in their system, although the credit union organization PSCU estimated that the breach lasted between Oct. 25, 2016 and Jan. 19, 2017.
According to the ARG spokesperson, the FBI advised the Atlanta-based chain to not release information while the investigation was still active.
"Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts," said the ARG statement. "While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted."
The breach impacted only corporate stores -- roughly one-third of the more than 3,330 across the nation -- while franchise ones were not hacked. ARG has not yet released a list of individuals stores were at risk.
"Although there are over 1,000 corporate Arby's restaurants, not all of the corporate restaurants were affected," Christopher Fuller, Arby's senior vice president of communications, told KrebsOnSecurity. "But this is the most important point: That we have fully contained and eradicated the malware that was on our point-of-sale systems."
According to Dan Berger, the CEO of the National Association of Federally-Insured Credit Unions, anyone who frequently makes purchases with their plastic should stay vigilant in the face of the "national nightmare" that is retail data security, notes USA Today.
"Last year, the number of data breaches shattered all records and climbed 40 percent higher than reported in 2015 and there is no sign of the criminals letting up," Berger added. "In 2017, we have already hit 110 breaches, a 36 percent hike over the same time last year."
Though the breach has been contained, ARG recommends that all potentially impacted customers keep a close eye on their bank statements and promptly report any suspicious activity.