Wendy’s Co., which reported a payment-card hack earlier this year, said that the breach affected about 18 percent of its U.S. locations.

Criminals used malicious software to access customers’ names, credit- and debit-card numbers and expiration dates from about 1,025 franchised restaurants, Bob Bertini, a spokesman for the Dublin, Ohio-based company, said in an e-mail on Thursday. The company is working to get a list of the affected locations on its website. Last month, Wendy’s confirmed that it had disabled the malware and said the attack was “considerably” bigger than it previously thought.

Wendy’s, which has about 5,700 U.S. locations, is among retailers and restaurants suffering through a spate of hacks in recent years. Noodles & Co. said last week that a security incident may have compromised credit- and debit-card payment data at some of its locations. Last year, U.S. chains began using European-style chip cards to try to decrease fraud.

Wendy’s shares declined as much as 2.9 percent to $9.35 on Thursday. The stock already had lost 11 percent this year through Wednesday’s close.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry