[BreachExchange] Zippy’s settles class-action lawsuit over data breach

Destry Winant destry at riskbasedsecurity.com
Mon Jan 7 00:32:58 EST 2019


https://www.staradvertiser.com/2019/01/04/breaking-news/zippys-settles-a-class-action-lawsuit-over-data-breach/

Zippy’s Restaurants has settled a class-action lawsuit involving a
breach of credit and debit card systems over four months from Nov. 23,
2017 to March 29.

The company alerted its customers April 27 of the data breach at its
25 restaurants, Napoleon’s Bakery, Kahala Sushi and Pearl City Sushi
locations. It also said cards used to buy drinks at Dole Cannery
Pomaikai Ballrooms also may have been affected.

Two people, who say they were victims of fraudulent charges after the
breach, filed the complaint against Zippy’s owner FCH Enterprises Inc.

Oahu resident Joshua Bokelman said in the lawsuit that he used his
debit card nearly exclusively at Zippy’s Express in the Waimalu
Shopping Center and incurred more than $300 in fraudulent debit card
charges since the breach. Suchandra Thapa of Illinois said he used his
credit card at Zippy’s McCully on Feb. 4 and fraudulent charges
appeared 17 days later.

An investigation by the Federal Bureau of Investigation discovered
that FIN7, an international criminal group responsible for hacking
national restaurants and retailers, had accessed card information from
the popular local restaurant chain.

Zippy’s said it has improved system security and monitoring of payment
processing, among other changes, to prevent a future incident.

“Zippy’s is committed to making things right for our customers
impacted by this incident,” said Paul Yokota, president of FCH
Enterprises, in a news release. “While we’re grateful that no personal
information was exposed in the attack, we continue to recommend that
customers closely monitor their credit or debit card statements, and
immediately contact their bank or financial institution if they
identify any suspicious activity.”

U.S. customers who used a credit or debit card during the breach
period may file a claim. The amount paid depends on whether patrons
can prove unauthorized charges “plausibly connected to the security
incident” and on how many people submit valid claims.

Following the deadline to submit a claim on June 2, Zippy’s will
donate any unclaimed settlement funds to Cyber Hawaii, a local
nonprofit that works to mitigate cyber risk. For more information or
to file a claim go to zippyssettlement.com or call 888-906-2033.


More information about the BreachExchange mailing list