International Dairy Queen today confirmed that the systems of some of its locations, including three in Wisconsin, had been infected with the widely-reported Backoff malware that is targeting retailers across the country.

SHARE

By of the

Dairy Queen was hit by a data breach this summer and credit and debit cards used at three Wisconsin stores were exposed in the hacking, the chain announced late Thursday.

Dairy Queens in Fitchburg, Seymour and Marshfield were among 395 stores nationwide hit by the data breach, which took place in August and early September, according to a list of affected Dairy Queen stores. Here are the stores and time frames:

■3030 Fish Hatchery Road, Fitchburg: Friday, Aug. 1, through Sunday, Aug. 31

■321 E. State Highway 54, Seymour: Friday, Aug. 1, through Monday, Sept. 1

■803 N. Central Ave., Marshfield: Monday, Aug. 4, through Saturday, Aug. 30.

Customers' names, payment numbers and expiration dates were stolen in the attack, which was caused by a malware called Backoff, Dairy Queen's president and chief executive officer, John Gainor, said in a news release Thursday.

"We have no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, were compromised as a result of this malware infection," he said. "Based on our investigation, we are confident that this malware has been contained."

Dairy Queen is offering free identity repair services for a year to customers who used their payment card at one of the affected locations during the breach period. The service from AllClear SECURE starts immediately and is available until Oct. 9, 2015. No enrollment is required. People who need assistance can call (855) 865-4456. More information is available on Dairy Queen's website.

Gainor apologized for the breach and said the chain is notifying customers about the breach so they can take steps to protect their information. He encouraged people to review bank account statements carefully and get a free copy of their annual credit report. The free report is available at www.annualcreditreport.com or by calling (877-322-8228).

Signs of identity theft include mistakes on your bank, credit card or other statements; bills or collection notices for products or services you never received; calls from debt collectors about debts that don't belong to you and unwarranted collection notices on your credit report.

As in previous data breaches at Home Depot and Jimmy Johns, people who believe their credit or debit card may have been fraudulently used should contact their bank or card issuer immediately and report it to police.

Gainor said the malware was only present on "a small percentage" of Dairy Queen locations. The chain has more than 6,000 stores around the world.

Security reporter Brian Krebs initially reported a possible Dairy Queen data breach in mid-August based on reports from financial institutions. At the time, the chain denied it. Two weeks later, on Aug. 28, a spokesman confirmed to Krebs that the company had heard from the U.S. Secret Service about "suspicious activity" related to a strain of card-stealing malware found in hundreds of other retail hackings.

Get the latest consumer stories, viral stories, scam alerts as they happen. Visit the Public Investigator blog at jsonline.com/piblog.

Facebook: fb.me/GitteLaasbyPage

Twitter: @GitteLaasbyMJS