How much bigger?? “Considerably higher” was the phrase used…whatever that means. Wendy’s has admitted it has a bigger problem than it thought with a malware breach in franchise restaurants’ payment systems than the 300 franchisee-owned stores announced on May 11. No other disclosures though… declining to detail the number of stores involved or where they are located.

Both “Krebs on Security” blog writer Brian Krebs and the president of the National Association of Federal Credit Unions said Wendy’s statement on the bigger scope of the problem, issued late Thursday afternoon, supports their understanding that the breach could be worse than recent ones at Target and Home Depot. Those breaches affected 40 million and 56 million credit and debit cards, respectively.

“A number of sources in the fraud and banking community have complained to (me) that there was no way the Wendy’s breach only affected 5 percent of stores — given the volume of fraud that the banks have traced back to Wendy’s customers,” Krebs wrote on his widely-read blog.

Wendy’s has more than 6,000 locations, the vast majority of which are owned by franchisees. The company said that the breach covers stores in the U.S. and Canada, but declined to identify which stores were hit or even in what states.

Wendy’s share price was little changed by the news, falling less than 1 percent Friday. The breach will likely result in less impact than a food-borne disease outbreak like Chipotle has been faced with.

Wendy’s customers with questions were directed to a toll-free number, 888-846-9467, or emailPaymentCardUpdate@wendys.com.