Knowledgeable hacker takes job at Arby's running a register or slicing meat. Hacker waits until he can get unsupervised physical access to store system (a Windows PC, presumably). Hacker arranges off-site access to system. Hacker quits job, accesses system remotely and has his way with them.
That is an interesting scenario but I am betting it will be another case of the attackers compromising a third party vendor and then working their way into the system like the Target breach, the Wendy's breach, etc. A business can have the most robust security system in the world, but if their business partners are lax it is all for nothing.