Edit ModuleShow Tags
Edit ModuleShow Tags

Data Breaches Likely Coming to a Franchise Near You, Attorneys Warn


Dairy Queen's Shelly O'Callaghan

“If data privacy and security is not keeping you up at night—it should,” said Leonard MacPhee, a partner at Perkins Coie and moderator of a panel on the topic at the International Franchise Association Legal Symposium in Chicago last week.

“It’s probably going to get worse before it gets better,” he added.

Sally King, co-founder of NXG Strategies, offered some sobering statistics about data breaches. “Data breach is getting much, much worse,” she said. Since 2013 more than 208 million records were lost or stolen, in 900 separate data breach incidents, she said. One study suggests 43 percent of any given business in any one year will experience a breach.

“Even though the cyber terror data breach is prominent,” she said, “there’s an equally large threat” from regular humans. Human error accounts for 47 percent of data breaches, including lost and stolen devices, etc. “You can spend millions of dollars on technology, but a single employee can cause a threat.”

Another insider threat is employees recruited by criminals to turn over customer data. “One in seven said they’d sell data, for as little as $150.” She said one survey found.

She also showed real websites that show the extent of the problem, like a “McDumpals” site that offers 1,245 stolen McDonald’s credit cards for $10,500, with a money-back guarantee that the data is still usable. She also showed a blog, buried in a legitimate Trulia real estate website that she found through Google, that recruits people to put together stolen identities from the comforts of home.

Then she showed a slide of franchises with recent data breaches: UPS, Staples, Supervalu, Wyndham Hotels, Dairy Queen, Bistro Burger & Grill and more. The cost of a data breach is $130 per record, for an average insurance claim of $733,000.

Shelly O’Callaghan, general counsel at International Dairy Queen, described Dairy Queen’s breach, which happened in October 2014. “We learned about our breach from law enforcement,” she said, which is a typical scenario, but the breach immediately became public when the famous breach blogger Brian Crebs broke the story.

“What that does is immediately thrust you into the public eye but you don’t have much information yet,” she said. “When it takes more than a week to investigate your locations, the public doesn’t understand it’s franchised,” she said. “One of the biggest things to avoid is going out with information that is not accurate. You want to be in as few news cycles as possible.


Edit Module
Edit ModuleShow Tags
Edit ModuleShow Tags
Edit ModuleShow Tags
Edit ModuleShow Tags
Edit ModuleShow Tags
Edit ModuleShow Tags

Covers everything from good news to bad judgment

About This Blog

The latest news, opinions and commentary on what's happening in the franchise arena that could affect your business.

Laura MichaelsLaura Michaels is editor of Franchise Times. She can be reached at 612.767.3210, or send story ideas to lmichaels@franchisetimes.com.
Beth EwenBeth Ewen is senior editor of Franchise Times. She can be reached at 612.767.3212, or send story ideas to bewen@franchisetimes.com.
Nicholas UptonNicholas Upton is restaurants editor at Franchise Times. He can be reached at 612.767.3226, or send story ideas to nupton@franchisetimes.com.
Mary Jo LarsonMary Jo Larson is the publisher of Franchise Times Magazine and the Restaurant Finance Monitor.  You can find her on Twitter at




Atom Feed Subscribe to the Franchise Times News Feed »

Recent Posts