This article co-authored with guest blogger Leonel Gonzalez, a R+C summer associate and student at Roger Williams University School of Law

Back in May of this year, Wendy’s reported “fewer than 300” locations had been hacked by malicious malware that targeted customer credit card information. Last week, Wendy’s released a list of 1,025 restaurant locations that were impacted by the data breach.

The breach originated from a compromised unnamed third-party “service provider.” The attackers were able to use the service provider’s credentials to access and install malware into the credit card systems of the restaurant, also known as the point-of-sale systems. As a result, the attackers had access to customer credit card information including, names, credit card numbers, expiration dates, and security codes.

The investigation is still ongoing and it is possible other restaurant locations may have been hacked. The “service provider” is still unnamed and it is unclear if other businesses are at risk.

Wendy’s is offering fraud counseling and identity restoration services for customers who used a credit card during the impacted time at one of the listed restaurant locations. The full list of restaurant locations affected by this breach can be accessed here.