On October 9, 2014, the California Office of the Attorney General disclosed a data breach affecting **International Dairy Queen, Inc. (IDQ)**, involving nine Dairy Queen and one Orange Julius location in California. The incident stemmed from the **Backoff malware**, a point-of-sale (POS) threat that infiltrated payment systems, potentially exposing customers' **payment card details**, including names, card numbers, and expiration dates. The breach extended beyond California, impacting **395 U.S. locations** in total. The compromised data primarily involved **financial information tied to payment transactions**, though there was no explicit confirmation of large-scale fraud or identity theft stemming directly from the incident. The malware exploited vulnerabilities in the POS systems, allowing unauthorized access to cardholder data during transactions. While the breach did not result in a full-scale operational shutdown or broader systemic damage, it posed significant **reputational and financial risks** for IDQ, including potential regulatory penalties, customer distrust, and costs associated with remediation, such as card reissuance and fraud monitoring. The incident highlighted vulnerabilities in retail payment infrastructures and underscored the growing threat of **POS malware** in compromising consumer financial data. IDQ likely faced scrutiny over its cybersecurity measures, particularly in securing third-party vendor systems and detecting intrusions in a timely manner.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-46950
TPRM report: https://www.rankiteo.com/company/dairy-queen
"id": "dai732082025",
"linkid": "dairy-queen",
"type": "Breach",
"date": "10/2014",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Food & Beverage / Retail',
'location': [{'country': 'United States',
'specific_locations': ['Nine Dairy Queen '
'locations',
'One Orange '
'Julius location'],
'state': 'California'},
{'country': 'United States',
'total_locations_affected': 395}],
'name': 'International Dairy Queen, Inc. (IDQ)',
'type': 'Corporation'}],
'attack_vector': 'Backoff Malware',
'data_breach': {'personally_identifiable_information': 'Partial (payment card '
'details only)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment card names',
'Payment card numbers',
'Expiration dates']},
'date_publicly_disclosed': '2014-10-09',
'description': 'The California Office of the Attorney General reported a data '
'breach on October 9, 2014, involving International Dairy '
'Queen, Inc. (IDQ) at nine Dairy Queen and one Orange Julius '
'locations in California. The breach included the presence of '
"Backoff malware, which potentially compromised customers' "
'payment card names, numbers, and expiration dates, affecting '
'a total of 395 U.S. locations.',
'impact': {'data_compromised': ['Payment card names',
'Payment card numbers',
'Expiration dates'],
'identity_theft_risk': 'High (payment card data exposed)',
'payment_information_risk': 'High (payment card names, numbers, '
'and expiration dates compromised)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Data Breach at International Dairy Queen, Inc. (IDQ) Involving '
'Backoff Malware',
'type': 'Data Breach / Malware Infection'}