Data Breach at Wendy On February 22, 2026, a threat actor claimed to have leaked what they are referring to as the "Wendy's International Franchise Database," which exposed credentials for live payment integration, franchisee contact information, and sensitive operational configurations across several food service brands This article explores data breach wendy. . As of this writing, neither Wendy's US nor Wendy's UK had made any public acknowledgement, and neither had The Access Group, whose QikServe platform is most likely the underlying infrastructure.

Claim of the Threat Actor Franchisee records, including complete physical addresses, latitude/longitude coordinates, and contact email addresses, are purportedly included in the leaked dataset. The dump contains timezone/locale settings, internal venue status (ACTIVE), next available ordering slots, opening hours with pickup and delivery flags, and daily operational configurations in addition to location data.

Find out more Planning for incident response Analysis of security threats The dataset is verified as current and not archival by Cyber Active promotional records with creation and update timestamps verified as recent as February 2026. Credentials for live payment integration are the most important exposure. A Sentry DSN (Data Source Name), several Stripe pk_live publishable keys, and Worldpay Access configurations with Apple Pay and Google Pay merchant IDs are purportedly included in the database.

Although Stripe publishable keys are client-side by design, their combination with Sentry DSN credentials and merchant IDs significantly increases the attack surface. Adversaries may be able to monitor application errors, inject fraudulent telemetry, and deduce backend infrastructure details using a compromised Sentry DSN. Additionally, per-venue feature flags that show which platform modules are active at each location were made public.

Sample records from the Multi-Brand Platform Link to QikServe include those from Wendy's Oxford (UK), Brackley Pub, Sbarro Colne (inside a gas station), City Mill Bakes (Gibraltar), and KFC Nitra (Slovakia). The fact that several unrelated food service brands have the same database architecture strongly suggests that a shared hospitality SaaS platform—likely QikServe, which is currently a part of The Access Group—is the source of the breach. Screenshot of sample records In September 2024, the Access Group purchased QikServe, a platform that processes hundreds of millions of transactions and generates over £3 billion in digital sales annually across more than 8,000 locations in more than 40 countries.

Citing internal consistency across all sample records, timestamps up to 2026, and a database structure that matches known hospitality SaaS online-ordering backends, the threat intelligence report gives it a confidence rating of four out of four. Find out more Consulting services for cybersecurity PenTest Event management for security information The following should be handled urgently by franchisees and platform operators that are impacted. Since their combination with merchant IDs and feature configurations generates exploitable transaction flows, all live Stripe publishable keys and Worldpay merchant credentials ought to be rotated right away.

Regenerating Sentry DSN endpoints will prevent adversaries from accessing telemetry. To find unauthorized queries, a thorough audit of the QikServe /Access Hospitality API access logs is recommended.

Given that operational PII and franchisee contact data are included in scope, franchisees in the UK and Europe must also evaluate their GDPR notification obligations under EU GDPR Article 33 and the UK GDPR. X, LinkedIn, and LinkedIn for daily ZeroOwl. To have your stories featured, get in touch with us.