Wendy’s Faces Lawsuit over Stolen Debit Card Data
A Wendy’s customer has filed a class action complaint against the fast food chain for its alleged failure to protect consumers’ credit and debit card information. The suit is the latest in a spate of litigation against retailers related to the theft of payment card data.
In the suit, filed earlier this month in the U.S. District Court for the Middle District of Florida, plaintiff Jonathan Torres of Orlando alleged that hackers using “malware accessed the computer systems at Wendy’s locations throughout the United States” and stole customer data. Torres used his debit card at an Orlando-area Wendy’s on Jan. 3, and criminals using his stolen data bought $200 worth of merchandise from a Sports Authority store and $377.74 worth of goods from a Best Buy store, the complaint said. (The upcoming issue of Pay Magazine discusses why the spread of EMV chip card security may lead to more criminals using stolen mag-stripe card data at sporting goods and other types of high-end stores.)
Wendy’s disclosed the data breach on Jan. 27, according to the complaint and news reports. The complaint alleged not only that Wendy’s revealed scant information about that breach but that the chain could have prevented the breach with more foresight. That’s because the Wendy’s hackers “more than likely” used a “variant of Black POS, the identical malware strain that hackers used in” recent data breaches at other retailers. Those retailers reportedly included Target, though the suit does not specifically mention the Target breachs. The suit alleges that Wendy’s didn’t do enough to make transactions more secure at its restaurants in the wake of those earlier breaches. The suit did not describe the scope of the breach.
Earlier this year, in a similar case, a federal judge refused to toss a class action complaint brought in a federal court in Illinois over a 2013 Neiman Marcus data breach.