From 22nd October 2015 through to 10th March 2016, hackers penetrated Wendy’ computer systems and stole what could be millions of consumer credit cards that had been used at certain Wendy’ locations.
“As a result of Wendy’ data breach, plaintiff and class members have been forced to cancel and reissue payment cards, change or close accounts, notify customers that their cards were compromised, investigate claims of fraudulent activity, refund fraudulent charges, increase fraudulent monitoring on potentially impacted accounts, and take other steps to protect themselves and their customers,” the lawsuit claims.
Specifically, the plaintiffs claim that Wendy’ holds on to credit card information longer than necessary and failed to meet the October 2015 deadline for EMV cards and terminals.
“Despite the growing threat of computer system intrusion, Wendy’ systematically failed to comply with industry standards and protect payment card and customer data” the lawsuit states, noting that as a consequence, financial institutions have borne the brunt of the data breach.
The complaint asserts that Wendy’ used outdated and easily hackable computer and credit card systems, and that the company failed to meet federal regulations and guidelines around computer and data security, stating that Wendy’ “refused to take steps to adequately protect its computer systems from intrusion.”
A Wendy’ spokesman has said that malware was discovered by third-party investigators, but the company has yet to confirm how many of its 6,000 stores had been hacked.