The malware has been targeting retailers across the US since last October.
Consumers’ payment card data has been compromised at 395 stores operated by the ice cream and fast-food restaurant chain International Dairy Queen (DQ) across the US.
Computers at some DQ locations and one Orange Julius location were hit by the Backoff malware. Its stores in Rhode Island, Vermont, Hawaii and Louisiana remain unaffected by the malware. The frim operates around 4,500 shops.
Backoff has been targeting retailers across the US since a year ago.
The infected PCs disclosed the names, numbers and expiration dates of customer payment cards, while there was no evidence of leaks related to other personal information such as card PINs, social security numbers or email Ids.
International Dairy Queen president and CEO John Gainor said: "We are committed to working with and supporting our affected DQ and Orange Julius franchise owners to address this incident.
"Our customers continue to be our top priority."
Consumers, who swiped their payment cards at the malware-hit DQ stores or the one Orange Julius location during the particular period, are being offered free identity repair services for one year.
According to data from the US Department of Homeland Security, Backoff malware was initially detected in October 2013 and has targeted more than 1,000 US businesses with its capabilities to fragment computer memory for track data and logging keystrokes.
In addition, there were reports on a range of malwares targeted at payment cards after a data breach at US retailer Target exposed the personal information of up to 110 million customers during the holiday season last year.