WATERLOO, Iowa—Veridian Credit Union has filed a class-action lawsuit against Wendy’s over the fast food restaurant’s data breach.
In the lawsuit, the $2.9-billion CU alleges Wendy’s acted recklessly in a recent cyberattack by not protecting customers’ financial information from hackers or notifying them of the breach in a timely manner.
The suit is on behalf of all U.S. financial institutions that issued credit or debit cards to consumers who were affected by the breach.
In the filing, Veridian alleges that Wendy’s could have prevented the foreseeable security breach and ensuing financial losses if it had only updated its point-of-service systems to meet industry standards, adding that failing to do so violated the Federal Trade Commission Act.
“The data breach was the inevitable result of Wendy’s pervasive and inadequate approach to data security. Wendy’s data security deficiencies were so significant that hackers installed malware and remained undetected for weeks, or possibly months, until outside parties notified Wendy’s that there may have been a breach based on fraudulent transactions that had taken place after the hackers had used or sold the customer data,” the complaint stated.
In April the New Castle, Penn.-based First Choice FCU filed a class-action lawsuit against Wendy’s for the data breach. The CU alleged that Wendy's failed to secure customer payment data and that FIs have so far footed the bill to make consumers whole.
And earlier in April Wendy’s acknowledged that the data breach originally reported in January of this year is much larger than it had first stated. The fast food chain had said that fewer than 300 of its 5,800 locations were affected by the breach, changing its assessment to considerably more than the 300 restaurants implicated.