Wendy’s, a fast food chain that serves burgers, fries, and salad experiences, has had some recent issues with malware. Specifically, they announced last month that about 300 franchisees had been hit with malware that breached customers’ card data. The investigation continued, though, and so did fraudulent charges. It turns out that there was another piece of malware lurking in payment systems. The number of stores hit is “considerably higher” than the company originally thought.

The company insists that the breached point-of-sale system was only still in use in franchised restaurants, and none of the restaurants that the company itself operates were affected. The company isn’t prepared to announce how many stores were affected yet, but security reporter Brian Krebs notes that his sources were certain that more than 300 restaurants had been affected because of the number of cards that had been breached.

The original breach may have happened due to the actions of a service provider: the company reports that its experts believe that the breach “resulted from certain service providers’ remote access credentials being compromised.”

Wendy’s is fairly sure that they’ve eradicated the malware, but warns that it’s sophisticated and difficult to detect. Maybe bring cash for your next salad experience, just in case.

There’s the Beef: Wendy’s Breach Numbers About to Get Much Meatier