In 2015 and 2016, hackers infected 1,025 of Wendy’s restaurants’ point-of-sale systems with malware, leading to a massive data breach involving the loss of massive quantities of payment card data. The POS malware attacks came in two waves, both of which began in the fall of 2015. An estimated 18 million payment cards issued by approximately 7,500 financial institutions were compromised in the data breach.
In April 2016, First Choice Federal Credit Union filed a lawsuit against Wendy’s, seeking class-action status on behalf of all affected financial institutions. The lawsuit seeks to have Wendy’s compensate affected card issuers for breach-related losses and expenses, such as the cost of reissuing cards and compensating cardholders for fraud losses. The Federal Deposit Insurance Corporation and other organizations subsequently joined the class-action lawsuit.
Wendy’s recently agreed to settle the class-action data breach lawsuit by paying $50 million into a settlement fund. Wendy’s is expected to pay approximately $27.5 million with the balance covered by insurance. After the proposed settlement is approved by the court, payments are expected to be made in late 2019. $36 million of the $50 million settlement fund is set aside to compensate banks for card data exposed in the breach.
Court documents reportedly state, “Under the settlement agreement, defendants will create a non-reversionary settlement fund of $50 million in exchange for a release of all claims against Wendy’s franchisees arising from third-party criminal cyberattacks of certain of Wendys’ [sic] independently owned and operated franchisee restaurants involving malware variants targeting customers’ payment card information that Wendy’s reported in 2016 (the ‘data breach’) … The settlement fund will be used to pay: (1) disbursements to settlement class members that file approved claims; (2) the costs of settlement administration and any taxes due on the settlement fund account; (3) attorneys’ fees, costs, and expenses to class counsel in amounts approved by the court; and (4) service awards to the settlement class representatives in amounts approved by the court.”
Wendy’s estimates that its total costs resulting from the data breaches will reach nearly $34 million (a separate consumer class-action lawsuit was filed in February 2016 and was settled by Wendy’s in October 2018 for $3.4 million).
If your business suffered financial or other significant harm due to a data breach in the United States, email us at email@example.com or telephone us toll-free in the United States at 800-756-2143 to discuss whether your data breach matter may be appropriate to be handled on a contingency basis.
BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation