WC
Company Details
Linkedin ID:
wendys-international
Website:
Employees number:
70,806
Number of followers:
234,189
NAICS:
7225
Industry Type:
Homepage:
wendys.com
IP Addresses:
0
Company ID:
THE_2040199
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
The Wendy's Company Vendor Cyber Rating & Cyber Score
wendys.comWendy's was founded in 1969 by Dave Thomas in Columbus, Ohio. Dave built his business on the premise, “Quality Is Our Recipe®”, which remains the guidepost of the Wendy's system. Wendy's is best known for its made-to-order square hamburgers, using fresh, never frozen beef*, freshly-prepared salads, and other signature items like chili, baked potatoes and the Frosty® dessert. The Wendy's Company (Nasdaq: WEN) is committed to doing the right thing and making a positive difference in the lives of others. This is most visible through the Company's support of the Dave Thomas Foundation for Adoption® and its signature Wendy's Wonderful Kids® program, which seeks to find a loving, forever home for every child in the North American foster care system. Today, Wendy's and its franchisees employ hundreds of thousands of people across more than 7,000 restaurants worldwide with a vision of becoming the world's most thriving and beloved restaurant brand. For details on franchising, connect with us at www.wendys.com/franchising.Visit www.wendys.com and www.squaredealblog.com for more information and connect with us on X and Instagram using @wendys, and on Facebook at www.facebook.com/wendys. *Fresh beef available in the contiguous U.S., Alaska, and Canada.
The Wendy's Company A.I CyberSecurity Scoring
WC Risk Score (AI oriented)Between 700 and 749
WC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
WC Global Score (TPRM)XXXX
WC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
WC Company CyberSecurity News & History
Past Incidents
3
Attack Types
1
The Wendy's Company
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Wendy’s, the nationwide chain of fast-food restaurants suffered a possible credit card breach at some locations after it used a pattern of fraud on cards at some localities. Wendy's investigated the incident as soon as it was notified of unusual activity involving payment cards at some of our restaurant locations including fraudulent charges. Soon everything was secured and the situation was handled.
The Wendy's Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In late 2015, The Wendy's Company suffered a data breach caused by malware infiltrating its point-of-sale (POS) systems. The incident originated from compromised remote access credentials belonging to third-party service providers, allowing attackers to deploy malware across certain franchise locations. The breach specifically targeted customer payment card information, exposing sensitive financial data between December 2, 2015, and May 18, 2016. While the exact number of affected customers was not disclosed in the initial report, the California Office of the Attorney General confirmed the breach’s severity due to the potential for fraudulent transactions and financial harm to customers. The attack highlighted vulnerabilities in third-party vendor security practices and the risks associated with remote access to critical payment infrastructure. Wendy’s subsequently worked with cybersecurity firms to contain the breach, remove the malware, and enhance security protocols to prevent future incidents. The incident underscored the broader threat landscape facing retail and hospitality sectors, where POS systems remain prime targets for cybercriminals seeking financial data.
The Wendy’s Company
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported on July 7, 2016, that Wendy's experienced a data breach involving malicious cyber activity that compromised customer payment card information starting in late fall 2015. The breach affected payment card details such as cardholder names, numbers, expiration dates, verification values, and service codes, but the number of individuals impacted is currently unknown.
WC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for WC
Incidents vs Restaurants Industry Average (This Year)
No incidents recorded for The Wendy's Company in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for The Wendy's Company in 2026.
Incident Types WC vs Restaurants Industry Avg (This Year)
No incidents recorded for The Wendy's Company in 2026.
Incident History — WC (X = Date, Y = Severity)
WC cyber incidents detection timeline including parent company and subsidiaries
WC Company Subsidiaries
Wendy's was founded in 1969 by Dave Thomas in Columbus, Ohio. Dave built his business on the premise, “Quality Is Our Recipe®”, which remains the guidepost of the Wendy's system. Wendy's is best known for its made-to-order square hamburgers, using fresh, never frozen beef*, freshly-prepared salads, and other signature items like chili, baked potatoes and the Frosty® dessert. The Wendy's Company (Nasdaq: WEN) is committed to doing the right thing and making a positive difference in the lives of others. This is most visible through the Company's support of the Dave Thomas Foundation for Adoption® and its signature Wendy's Wonderful Kids® program, which seeks to find a loving, forever home for every child in the North American foster care system. Today, Wendy's and its franchisees employ hundreds of thousands of people across more than 7,000 restaurants worldwide with a vision of becoming the world's most thriving and beloved restaurant brand. For details on franchising, connect with us at www.wendys.com/franchising.Visit www.wendys.com and www.squaredealblog.com for more information and connect with us on X and Instagram using @wendys, and on Facebook at www.facebook.com/wendys. *Fresh beef available in the contiguous U.S., Alaska, and Canada.
Loading...
WC Similar Companies
Whataburger
On Aug. 8, 1950, an adventurous and determined entrepreneur named Harmon Dobson opened up the world’s first Whataburger on Ayers Street in Corpus Christi, Texas. He had a simple goal: to serve a burger so big it took two hands to hold and so good that after one bite customers would say, “What a burg
Waffle House has been serving Good Food Fast® since 1955. We started in one restaurant serving Avondale Estates, GA, and then grew into a national brand with more than 1,900 restaurants in 25 states providing career paths to 40,000 + employees. The love and devotion of our customer base helped bui
Domino's
Domino’s is a purpose-inspired, performance-driven company powered by exceptional people who are committed to feeding the power of possible—one pizza at a time. Founded in 1960 with a single store in Ypsilanti, Michigan, Domino’s has grown into one of the most recognized and leading pizza brands in
The Cheesecake Factory
We're known for our huge restaurants and generous portions but we're so much more than that! Here, you'll have big opportunities to learn and grow your career, you can take pride in the work you do, be able to balance your life with the hours and schedule you need, and be part of a team committed to
Popeyes Louisiana Kitchen
Founded in New Orleans in 1972, POPEYES® has more than 45 years of history and culinary tradition. Popeyes distinguishes itself with a unique New Orleans-style menu featuring spicy chicken, chicken tenders, fried shrimp, and other regional items. The chain's passion for its Louisiana heritage and fl
Olive Garden
Founded in 1982, Olive Garden is owned by Darden Restaurants, Inc. (NYSE:DRI), the world's largest company-owned and operated full-service restaurant company. With more than 800 restaurants, more than 92,000 employees and more than $3.5 billion in annual sales, Olive Garden is the leading restaurant
Chick-fil-A Corporate Support Center
At its Atlanta headquarters, known as the Corporate Support Center, Chick-fil-A, Inc. offers full-time careers in various fields such as Digital Transformation & Technology, Financial Services & Accounting, Enterprise Analytics, Restaurant Development, Early Talent Programs and more. Our team of mor
Jack in the Box
Jack in the Box has always been the place for those who live outside the box. Where you can try new things and order what you want when you want it. Now, let’s get to the facts! Did you know Jack in the Box was founded on February 21, 1951, by a businessman named Robert O. Peterson in San Diego, Cal
In-N-Out Burger
In-N-Out Burger was founded in 1948 by Harry and Esther Snyder in Baldwin Park, California, and remains privately owned and operated. Under the direction of the Snyder family, the company has opened restaurants throughout California, Nevada, Arizona, Utah, Texas, Oregon, Colorado, and Idaho. In-N-
.png)
WC CyberSecurity News
March 19, 2026 10:00 PM
Two Region Wendy's affected in data breach
Hackers stole customers' card information from more than 1000 Wendy's fast-food restaurants nationwide, including at two Illinois locations...
February 27, 2026 08:00 AM
Popular Italian Grill, Wendy's Location Close In Eastern Montco
This is a summary of business stories that made news this past week in eastern Montgomery County.
February 24, 2026 08:00 AM
Burger King France, Wendy’s UK allegedly hacked, data leaked
Burger King France and Wendy's UK were alleged to have been compromised by the threat actor "Eliasxy," who published datasets allegedly...
February 23, 2026 08:00 AM
Threat Actor Allegedly Claimed Leak of Wendy’s International Franchise Database
A threat actor claimed on February 22, 2026, to have leaked what they are calling the "Wendy's International Franchise Database," exposing...
February 23, 2026 08:00 AM
Wendy's Co SEC 10-K Report
Wendy's Co, a prominent player in the quick-service restaurant industry, has released its Form 10-K report for the fiscal year 2025.
February 20, 2026 08:00 AM
Cybersecurity stocks fall after Anthropic unveils Claude Code Security
Anthropic (ANTHRO) unveiled a new feature called Claude Code Security built into Claude Code on the web.
February 18, 2026 08:00 AM
Wendy’s Statistics By Revenue And Facts (2026)
Wendy's Statistics - Wendy's employed 14500 workers during 2024, who created an efficient workforce through their work operations.
February 13, 2026 08:00 AM
THE WENDY'S COMPANY REPORTS FOURTH QUARTER AND FULL YEAR 2025 RESULTS AND PROVIDES 2026 OUTLOOK
Global systemwide sales for the fourth quarter were $3.4 billion, a decrease of 8.3%, and for the full year were $14.0 billion,...
February 13, 2026 08:00 AM
Magnolia Bakery has a new CEO and other restaurant executive moves
Executive Summary: Here are the latest leadership changes in the restaurant industry. By Restaurant Business Staff on Feb. 13, 2026.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
WC CyberSecurity History Information
Official Website of The Wendy's Company
The official website of The Wendy's Company is http://www.wendys.com.
The Wendy's Company’s AI-Generated Cybersecurity Score
According to Rankiteo, The Wendy's Company’s AI-generated cybersecurity score is 743, reflecting their Moderate security posture.
How many security badges does The Wendy's Company’ have ?
According to Rankiteo, The Wendy's Company currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has The Wendy's Company been affected by any supply chain cyber incidents ?
According to Rankiteo, The Wendy's Company has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does The Wendy's Company have SOC 2 Type 1 certification ?
According to Rankiteo, The Wendy's Company is not certified under SOC 2 Type 1.
Does The Wendy's Company have SOC 2 Type 2 certification ?
According to Rankiteo, The Wendy's Company does not hold a SOC 2 Type 2 certification.
Does The Wendy's Company comply with GDPR ?
According to Rankiteo, The Wendy's Company is not listed as GDPR compliant.
Does The Wendy's Company have PCI DSS certification ?
According to Rankiteo, The Wendy's Company does not currently maintain PCI DSS compliance.
Does The Wendy's Company comply with HIPAA ?
According to Rankiteo, The Wendy's Company is not compliant with HIPAA regulations.
Does The Wendy's Company have ISO 27001 certification ?
According to Rankiteo,The Wendy's Company is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of The Wendy's Company
The Wendy's Company operates primarily in the Restaurants industry.
Number of Employees at The Wendy's Company
The Wendy's Company employs approximately 70,806 people worldwide.
Subsidiaries Owned by The Wendy's Company
The Wendy's Company presently has no subsidiaries across any sectors.
The Wendy's Company’s LinkedIn Followers
The Wendy's Company’s official LinkedIn profile has approximately 234,189 followers.
NAICS Classification of The Wendy's Company
The Wendy's Company is classified under the NAICS code 7225, which corresponds to Restaurants and Other Eating Places.
The Wendy's Company’s Presence on Crunchbase
Yes, The Wendy's Company has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/wendy-s.
The Wendy's Company’s Presence on LinkedIn
Yes, The Wendy's Company maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/wendys-international.
Cybersecurity Incidents Involving The Wendy's Company
As of April 02, 2026, Rankiteo reports that The Wendy's Company has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
The Wendy's Company has an estimated 4,932 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at The Wendy's Company ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Wendy's Credit Card Breach
Description: Wendy’s, the nationwide chain of fast-food restaurants suffered a possible credit card breach at some locations after it used a pattern of fraud on cards at some localities.
Type: Data Breach
Attack Vector: Payment Card Fraud
Motivation: Financial Gain
Title: Wendy's Data Breach
Description: The California Office of the Attorney General reported on July 7, 2016, that Wendy's experienced a data breach involving malicious cyber activity that compromised customer payment card information starting in late fall 2015. The breach affected payment card details such as cardholder names, numbers, expiration dates, verification values, and service codes, but the number of individuals impacted is currently unknown.
Date Detected: late fall 2015
Date Publicly Disclosed: July 7, 2016
Type: Data Breach
Title: Wendy's Company Data Breach via Malware on Point-of-Sale Systems
Description: The California Office of the Attorney General reported that The Wendy's Company experienced a data breach involving malware on point-of-sale (POS) systems starting from late fall 2015. The breach was linked to compromised remote access credentials from service providers, potentially compromising customer payment card information. The incident affected some franchise locations, with specific impact dates noted as December 2, 2015, and May 18, 2016.
Date Publicly Disclosed: 2016-07-15
Type: Data Breach
Attack Vector: Malware on POS systems via compromised remote access credentials
Vulnerability Exploited: Compromised remote access credentials from third-party service providers
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised remote access credentials from third-party service providers.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach THE1248522
Data Compromised: Payment Card Information
Incident : Data Breach WEN203072625
Data Compromised: Cardholder names, Card numbers, Expiration dates, Verification values, Service codes
Payment Information Risk: True
Incident : Data Breach WEN225082125
Data Compromised: Customer payment card information
Systems Affected: Point-of-sale (POS) systems
Identity Theft Risk: Potential (due to payment card data exposure)
Payment Information Risk: High (payment card data compromised)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Payment Card Information, Cardholder Names, Card Numbers, Expiration Dates, Verification Values, Service Codes, , Payment Card Information and .
Which entities were affected by each incident ?
Incident : Data Breach THE1248522
Entity Name: Wendy's
Entity Type: Fast-Food Restaurant Chain
Industry: Food and Beverage
Incident : Data Breach WEN203072625
Entity Name: Wendy's
Entity Type: Restaurant Chain
Industry: Food and Beverage
Incident : Data Breach WEN225082125
Entity Name: The Wendy's Company
Entity Type: Franchise (selected locations)
Industry: Fast Food / Restaurant
Location: United States (specific franchise locations)
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach THE1248522
Type of Data Compromised: Payment Card Information
Incident : Data Breach WEN203072625
Type of Data Compromised: Cardholder names, Card numbers, Expiration dates, Verification values, Service codes
Sensitivity of Data: High
Incident : Data Breach WEN225082125
Type of Data Compromised: Payment card information
Sensitivity of Data: High
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach WEN225082125
Regulatory Notifications: California Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach WEN203072625
Source: California Office of the Attorney General
Date Accessed: July 7, 2016
Incident : Data Breach WEN225082125
Source: California Office of the Attorney General
Date Accessed: 2016-07-15
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: July 7, 2016, and Source: California Office of the Attorney GeneralDate Accessed: 2016-07-15.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach THE1248522
Investigation Status: Investigation Completed
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach WEN225082125
Entry Point: Compromised remote access credentials from third-party service providers
High Value Targets: Pos Systems,
Data Sold on Dark Web: Pos Systems,
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on late fall 2015.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2016-07-15.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Payment Card Information, cardholder names, card numbers, expiration dates, verification values, service codes, , Customer payment card information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Point-of-sale (POS) systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were verification values, card numbers, Payment Card Information, cardholder names, service codes, Customer payment card information and expiration dates.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigation Completed.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Compromised remote access credentials from third-party service providers.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=wendys-international' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
