2. freegoogleslidestemplates.com
News Coverage (Initial Breach)
Our Visit To An Impacted Wendy’s
Wendy’s Overview
Timeline of the Breach
Wendy’s Public Statement
Evidence and Handling
Incident Response Team
Seeking Legal Counsel
Steps to Fix Security Breach
Reputational Damages
Financial Damages
Steps to Repair Reputation
What have we learned?
Q & A
Table of Contents
5. freegoogleslidestemplates.com
Wendy’s Overview
Wendy’s is a fast food chain restaurant operating
in 30 countries with over 6,490 different locations.
Installation and updates of POS systems are
managed by a third party vendor.
The Company was founded by Dave Thomas in 1969.
Dave, himself, was an orphan and leveraged his
success from Wendy's to start the Dave Thomas
Foundation for Adoption.
6. freegoogleslidestemplates.com
Fall 2015
Fall 2015:Wendy’s
breached by POS
system
January
Payment Company Contacts
Wendys
April
Wendy’s confirms
investigating potential
breach
M
ay
June
Wendy’s confirms
malware on POS
systems in “some”
locations
January February April May June July
Federal credit union sues
Wendy’s for not taking
adequate steps for cyber
security
Wendy’s reports
breach impact of
fewer than 300
franchise, “Malware is
Eradicated”
Reports that breaches
impact more locations
than expected with
different variations of
malware. Also reported
the malware is
disabled.
Updated list of breached
locations shows that 1,025
restaurants has been
breached.
Timeline of the Breach
Wendy’s stock has
fallen 13% in the
past 3 months
Statement from
CEO stating
Malware has been
eradicated
8. freegoogleslidestemplates.com
Malware discovered on Wendy’s POS
system
Similar POS systems from the same vendor
were found to have the same Malware
Evidence and Handling
Bring on EY since they specialize in forensic
evidence recovery and documentation
Evidence Handling
9. freegoogleslidestemplates.com
Incident Response Team
Board of Directors
Chief Information Security Officer
or
Senior Risk Manager
Data Breach Response Team
Lead
Human
Resources
Communications
and Public
Relations
Physical Security
Information
Technology
Legal &
Compliance
Customer
Service
Chief Executive
Officer
Law
Enforcement
Forensics
Investigation
Firm
External Cyber
Law Firm &
Compliance
Insurance/Risk
Management
Brokerage
Firm
Credit
Monitoring
Identity
Protection
Services
Breach
Notification &
Call Center
Services
10. freegoogleslidestemplates.com
Seeking Legal Counsel
During Wendy’s crisis, Federal
Credit Union filed a class
action lawsuit claiming that
Wendy’s was completely
negligent in handling the
situation from the beginning.
Between the lawsuit and the
crisis itself, Wendy’s needed a
legal counsel for consultation
Wendy’s Internal Investigation
should notify the FBI so they
are aware of the breach, scope
of the breach, and how the
breach occurred.
11. freegoogleslidestemplates.com
Steps to Fix Security Breach
Source a New Vendor for POS
system hosting. Verify New Vendor
utilizes Direct 1 approvals for
changes to systems.
Initiate corporate
communications to
employees about the
importance of security
hygiene
Implement security policies that
ensure POS terminal are in
“slave” mode and that usb hub
settings are deactivated
Step 1 Step 2 Step 3 Step 4
Perform yearly internal audit
testing of these new policies
to ensure a repeat of this
style attack cannot happen in
the future. Day-to-day
monitoring will be continuous
from second line.
13. freegoogleslidestemplates.com
Financial Damages
Settlement Fees Estimations
Credit Union reports that Wendy’s breach
might be 5-10 times worse than breaches
at Home Depot and Target.
Home Depot agreed to pay at least $19.5
million to compensate U.S. consumers in
2015
Target incurred over $39 million in breach
expenses in 2013
Declining Stock Price
Wendy's stock were down 1.14% to $9.52 in
midday trade after the company
announced that it had learned more
about recent "malicious cyber activity" at
various locations in June.
14. freegoogleslidestemplates.com
Steps to Repair Reputation
Message from the CEO
explaining that Wendy’s was
taking the security breach
seriously.
Provide credit monitoring
up to a $1 million per
customer
Secure a consultancy firm that
specializes in crisis management
to provide consumers assurance.
Step 1 Step 2 Step 3 Step 4
Public release of milestones as
they continue to remedy cyber
failures, side by side
comparison to Target and Home
Depot showing effective
methods.
15. freegoogleslidestemplates.com
Initially Wendy’s was careless about the security
breach and took no evasive action. This
negligence exposed them to more breaches and
caused the media to scrutinize the company's
stand on cyber security.
The effect was the Federal Credit Union suing
Wendy’s for such careless acts.
Also, customers questioned how much Wendy's
valued them if they did not take the breach
seriously
What have we learned?
- When a crisis hits your company:
- Spring into action and assure
customers that you are taking all the
proper steps in mitigating damage
- Waiting to take action will only harm the
company more
- Show customers the company cares
about them and their personal
information
Lessons