Wendy's today said 1,025 of its restaurants nationwide were hit by thieves who stole customers' debit and credit card numbers and noted that number is "considerably higher" than originally thought.

In Ohio, 36 locations were affected.

The problem started last fall, the company said in a statement. The Columbus-based chain said it was actually hit by at least two cyber attacks. Today, the company gave more details on the number of locations hit and offered help for customers who may have been affected.

Among the Ohio locations attacked by hackers: Akron, Ashtabula, Avon, Canton, Cincinnati, Columbus, Dayton, Geneva, Mansfield and Painesville. Here are the addresses for the local restaurants affected:



Akron: 2060 Mogadore Road, affected from 1/13/2016 to 6/8/2016

Ashtabula: 1040 Prospect Road, affected from 1/13/2016 to 6/8/2016

Avon: 1487 Center Road, affected from 1/13/2016 to 6/8/2016

Canton: 1301 30th St., affected from 1/13/2016 to 6/8/2016

Painesville: 1550 Mentor Ave., affected from 1/13/2016 to 6/8/2016

Earlier this year, Wendy's said it believed about 300 of its 5,500 franchise locations in North America were affected. That number grew to 1,025 as the investigation progressed.

For more information:

Wendy's says customers may call a toll-free number 866-779-0485, from 8 a.m. to 5:30 p.m. CST, Monday through Friday to receive additional information on the incident and to access the fraud consultation and identity restoration services.

The list of locations with addresses is searchable at https://www.wendys.com/en-us/about-wendys/the-wendys-company-updates#drop_down



"As we have reported over the past several months, unfortunately, some Wendy's restaurants have been the victim of malicious cyber activity targeting customers' payment card information," Todd Penegor, president and CEO said in the statement.

"We sincerely apologize to anyone who has been inconvenienced as a result of these highly sophisticated, criminal cyberattacks. We have conducted a rigorous investigation to understand what has happened and we are committed to protecting our customers and keeping you informed."

3 reasons thieves love debit cards

1. Debit cards can mean cash since they are linked to someone's bank account. Getting money from an ATM or getting cash back from a transaction at a store requires a PIN, but fraudsters are getting more sophisticated and are getting cash without a PIN, according to the American Bankers Association.

2. Debit cards don't get flagged for fraud and shut down as quickly, according to the Identity Theft Resource Center in California. The reason: Account monitoring isn't as thorough because the transactions are processed through different networks.

Credit card networks have more thorough histories on individuals so they can better detect suspicious transactions. The debit card network, however, can rely only on a person's transaction history with that specific bank -- Key or PNC or whichever -- not the entire MasterCard and Visa system.

3. Banks are less likely to freeze debit cards when they do notice something suspicious (compared with credit cards). The reason: The bar is higher to block people from using their own money.

Wendy's first disclosed its breach in February, months after it was rumored in banking and identity theft circles.

The company said that customer information stolen included cardholders' names, credit or debit card numbers, expiration dates, the cardholder verification value, and service code.

After working with third-party forensic experts, federal authorities and those in the payment card industry, Wendy's said it believes the cyberattacks occurred after a service provider's remote access credentials were compromised. That allowed thieves to send malware to some franchisees' point-of-sale systems. Wendy's doesn't believe any company-operated restaurants were hit.

Wendy's is urging customers to "remain vigilant for incidents of fraud and identity theft by reviewing credit card account statements and monitoring your credit report for unauthorized activity."

As is customary in these data breach cases, Wendy's is offering one year of complimentary fraud consultation and identity restoration services to all customers who used a payment card at an affected restaurant.

Thieves sell stolen debit and credit card numbers for $20 to $100 each; debit cards go for more because they can access cash and because banks are slower to shut down them for suspected fraud.

There are some things you should do now, before you hear whether your credit or debit card was affected by this breach or see a fraudulent charge. Even if you escaped this one, there will almost surely be another breach in the future and you should know now what actions you'll take: