Wendy’s Data Breach Brings Banks Out to Litigate

May 9, 2016         By: Steven Anderson

Not so long ago, we heard about a recent data breach at Wendy’s, the major hamburger chain, which left a host of credit card holders potentially exposed.

Now, a new lawsuit has emerged, led by First Choice Credit Union of Pennsylvania that targets the firm for its role in the breach.

The lawsuit reportedly notes that Wendy’s security was insufficient, which led to hackers able to get in and compromise financial card information.

Worse, the breach went unnoticed for weeks, a move that made recovery particularly difficult.

This combination of weak security and lengthy time to notice meant that the cybercriminals involved could go on spending sprees measuring weeks in some cases, making thousands of dollars worth of unauthorized purchases well after the breach took place, a period which ran about five months.

A combination of outdated credit card systems and easily-hacked computers—as well as a lack of adherence to a slate of federal regulations—all added up to the breach and the events that followed, the credit union alleges.

The lawsuit itself notes that “despite the growing threat of computer system intrusion, Wendy’s systematically failed to comply with industry standards and protect payment card and customer data.”

Wendy’s, so far, has yet to respond to the suit—as of this writing—so it will be interesting to see what they have to say.

Further, it will also be interesting to see how far Wendy’s has gone with new moves to the Europay / MasterCard / Visa (EMV) standard, a move that might well buy them some protection in a lawsuit, or further set up the case against the company, depending on its stance.

The mobile payment market—whether it be card, app or otherwise—can be a dangerous place, and only constant vigilance will provide the level of security we all crave from such tools.

In the end, Wendy’s might be on the hook for quite a bit of damages, but only time in front of a judge will tell for certain.