Wendy’s Data Breach Was Preventable, Proposed Class Action Argues

A consumer has filed a putative class action against The Wendy’s Co. alleging a failure to sufficiently secure customer payment card data. Torres v. Wendy’s Co., No. 16-0210 (M.D. Fla., filed February 8, 2016). Wendy’s announced in late January 2016 that it had discovered in its processing systems a software program designed to steal credit and debit card information, several weeks after the plaintiff discovered that his debit card had been used in fraudulent purchases totaling almost $600.

“Wendy’s could have prevented this Data Breach,” the complaint asserts. “The malicious software used in the Data Breach was more than likely a variant of ‘BlackPOS,’ the identical malware strain that hackers used in last year’s data breach at many other retail establishments. While many retailers, banks and card companies responded to recent breaches by adopting technology that helps make transactions more secure, Wendy’s has acknowledged that it has retained a security consultant to review and look into its systems.”

The plaintiff calls the existing measures “suspect,” arguing that the situation requires “judicial intervention and consumer and independent oversight.” For allegations of breach of implied contract, negligence and a violation of Florida’s consumer-protection statute, he seeks class certification, damages, attorney’s fees and injunctions compelling Wendy’s to stop using its current security system and to “utilize appropriate methods and policies with respect to consumer data collection, storage and safety.”

Issue 595