Wendy’s confirmed yesterday in its first quarter financial statement that its investigation into a credit card breach did uncover malicious software on its point of sale systems on fewer than 300 of its stores nationwide [view related posts here and here]. It further confirmed that the malware has been removed from the affected locations.

The malware is believed to have been installed through third-party vendor credentials starting in the fall of 2015. We have seen many examples of this over the past two years, and emphasizes how important it is to manage third party access to systems.