Company owned restaurants were targets of malware.

ATLANTA – Arby’s Restaurant Group Inc. (ARG) said malware was found on the point-of-sale systems of certain company owned restaurants.

The company warned consumers that the intruder may have been able to access data from payment cards used at those locations no earlier than Oct. 20, 2016, and no later than Jan. 12, 2017. The company immediately notified law enforcement and launched an investigation. “ARG learned of, and quickly took measures to contain and eradicate, malware that was present on the point-of-sale (POS) systems of certain restaurants,” the company said in a statement.

ARG said the company has been working closely with the payment card companies regarding breach, and posted a list of affected restaurants and specific time frames.

“In some instances, the malware appears to have identified data from the card’s magnetic stripe that included the cardholder name and number and in other instances the card data identified by the malware did not appear to include the cardholder name,” the company explained. “It is possible that not every card was identified.”