[BreachExchange] Class Action Claims Wendy’s Negligently Exposed Customer Payment Info In January Breach

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 23 20:54:05 EST 2016 

http://consumerist.com/2016/02/23/class-action-claims-wendys-negligently-exposed-customer-payment-info-in-january-breach/

Back in January, Wendy’s confirmed that it was looking into a data breach,
adding later that it had found malicious software designed to steal
customer information on computers that operate its payment processing
system. As one might imagine, that didn’t go over well with some customers:
a new class action claims the fast food chain was negligent in exposing its
customers’ credit and debit card information to attackers.

The lead plaintiff says in a complaint filed in federal court in Orlando
that hackers used his debit card information to charge almost $600 worth of
stuff after he’d used the card at a Wendy’s restaurant in early January,
Courthouse News reports.

The customer claims Wendy’s failed to use adequate safety measures and
didn’t notify customers quickly. He wants the court to certify a class of
other Florida residents who also could’ve been defrauded after visiting
Wendy’s.

“Wendy’s could have prevented this data breach,” the complaint states,
adding the software was most likely a variant of the “BlackPOS” malware
that affected other large companies last year. “While many retailers, banks
and card companies responded to recent breaches by adopting technology that
helps make transactions more secure, Wendy’s has acknowledged that it did
not do so.”

Wendy’s should have known better, the complaint states, especially after
several other high profile reports in the media of hackers stealing
personal information, but instead, it kept payment information and
customers’ personal information together.

The plaintiff is suing for negligence, breach of contract, and violation of
Florida’s Unfair and Deceptive Trade Practices Act. He’s seeking damages,
and for the court system to make sure improved security measures are put
into place.

So far, Wendy’s has only acknowledged a pattern of “unusual credit card
activity” regarding its customers, but hasn’t disclosed how many people
could have been affected. We’ve reached out to Wendy’s for comment and will
update this post when we hear back.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160223/d7c0637d/attachment-0001.html>

More information about the BreachExchange mailing list