[BreachExchange] PrimoHoagies Sued Over Data Breach

Destry Winant destry at riskbasedsecurity.com
Fri May 1 10:20:08 EDT 2020 

https://www.infosecurity-magazine.com/news/primohoagies-sued-over-data-breach/

A Philadelphia chain of sandwich shops is facing a class-action
lawsuit over a data breach that went undetected for 7 months.

Earlier this month, PrimoHoagies revealed that cyber-attackers had
broken into its online payment platform and accessed the payment card
information of customers who made online purchases between July 15,
2019, and February 18, 2020. Customers who made purchase in-store were
not impacted.

PrimoHoagies said it only discovered the breach "after receiving
notice of unusual payment card activity from a few customers who
ordered online."

According to a statement issued by PrimoHoagies Franchising, Inc. on
April 17, "the affected payment card information may have included
names, addresses, payment card numbers, expiration dates, and security
codes."

The popular East Coast sandwich chain, which is based in Westville,
franchises more than 85 eateries in eight states between Florida and
New Jersey.

After discovering the prolonged breach, PrimoHoagies said it contacted
"payment card brands so steps could be taken to prevent fraudulent
activity on any affected cards," and advised customers to "carefully
review and monitor their payment card account statements."

On April 23, Edward D. Hozza III brought a suit against the sandwich
shop chain, which he accuses of failing to take adequate steps to
protect customers against the theft of "highly sensitive and personal
payment card information."

In the filing, Hozza, of Lehigh County, Pennsylvania, states that his
credit card company had to issue him with a new card after his account
was used for fraudulent purchases in September 2019.

According to the Cherry Hill Courier-Post, Hozza contends that the
breach will cause victims "to undertake expensive and time-consuming
efforts, including placing 'freezes' and 'alerts' with credit
reporting agencies." He predicts that the number of PrimoHoagies
customers affected by the cybersecurity breach is "likely in the
millions."

The suit was filed in Camden Federal Court with Hozza represented by
Anthony Christina of West Conshohocken, Pennsylvania. Hozza is seeking
unspecified compensatory and punitive damages on behalf of all
PrimoHoagies customers whose card payment data was exposed in the
prolonged cybersecurity incident.

The plaintiff is further seeking for PrimoHoagies to offer at least
three years of identity theft– and credit card–monitoring services to
all online customers affected by the breach.

More information about the BreachExchange mailing list