The incident appeared to follow a familiar pattern in which malware is planted somewhere in POS systems to gather credit card numbers. Other restaurants and retailers that have been hit in a like manner include Jimmy John's, Landry's, P.F. Chang's, Dairy Queen, Chick-fil-A, Target and Home Depot.

Matt McCombs, president/CEO for the $492 million, East Moline, Ill.-based Vibrant Credit Union, which has branches in Illinois and Iowa, said the credit union has not noticed any uptick in card fraud.

“It is almost impossible to pinpoint specific merchants for mishaps that they make that result in card fraud,” McCombs explained. “Fraudulent charges can occur days, weeks or often months before knowledge of major breaches is made public. Merchants have continued to dodge the accountability of mass or individualized activity that results in significant cost to financial institutions.”

Meanwhile, the Orlando Sentinel reported a Florida man proposed a class-action lawsuit against Wendy's in federal court Monday. The plaintiff claimed the fast food chain knowingly provided “lackadaisical” security measures that allowed thieves to steal his debit card number and rack up almost $600 in fraudulent charges just after visiting a local Wendy's on Jan. 3.

The suit is one of the first that targets a retailer following the October deadline that required all retailers to switch over to EMV chip scanner technology from the traditional card swiping method.

Card associations such as Visa and MasterCard often know about a card compromise before the financial institution or even the merchant itself does, according to cybersecurity expert Brian Krebs. He added they infrequently inform financial institutions about hacked merchants; rather, the associations send affected financial institutions a list of compromised card numbers.

“This seems like déjà vu, all over again,” Dodi Glenn, vice president, cybersecurity at the Sioux City, Iowa-based PC Pitstop, said. “In 2014, Wendy's found malware installed in one of their Michigan restaurant computers – they need to be more open about what they are going to do to prevent these attacks in the future, as well as how many people and stores were impacted. To date, I have seen nothing about what they are doing to stop this problem, and will no longer eat at Wendy's until they can show improvements.”

Wendy's disclosed the data breach investigation on Jan. 27. Bob Bertini, a spokesperson for Wendy's, said the company started getting reports earlier in January from payment industry contacts about a potential breach.

“Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants,” Bertini said at the time in a prepared statement. “We've hired a cybersecurity firm and launched a comprehensive and active investigation that's underway to try to determine the facts. We began investigating immediately, and the period of time we're looking at [for] the incidents is late last year, we know it's [affecting] some restaurants but it's not appropriate just yet to speculate on anything in terms of scope.”