Burger chain Wendy's Co said some customers' payment card data, including card numbers and other crucial information, was stolen in the malware attack disclosed earlier this year at over 300 of its franchised restaurants in the United States.
Wendy's said hackers had stolen "cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code," among other data.
Shares of the company, which forecast weak sales for the current quarter in May, fell about 2 percent to $9.44 in morning trading.
Wendy's first disclosed malware in some of its systems in February, a couple of weeks after it announced an investigation into unusual payment card activity at some of its 5,700 outlets.
In June, Wendy's said a variant of the malware had been found and the number of affected restaurants could be "considerably higher" than the 300 identified earlier.
There is no indication so far that the malware attack has affected any company-owned restaurants, Wendy's said on Thursday.
(Reporting by Abhijith Ganapavaram in Bengaluru; Editing by Savio D'Souza and Kirti Pandey)