The class action suit brought by 26 financial institutions against fast food chain Wendy’s over a 2016 data breach should go forward, said Judge Maureen P. Kelly, chief magistrate of the U.S. District Court, Western District of Pennsylvania.
The case stems from malware that Wendy’s discovered on the point-of-sale systems at fewer than 300 franchised North American restaurants. An additional 50 franchise restaurants also were suspected of experiencing, or had been found to have, other cybersecurity issues.
The financial institutions, which have reimbursed consumers whose credit and debit card information was compromised, have told the court that “Wendy’s, and only Wendy’s, was in a position to prevent the data breach and to safeguard sensitive card data.” The financial institutions claim the chain was negligent for not keeping up with security standards and want it to pay back the expenses they incurred.
Wendy’s wants to dismiss the case, saying the banks had not brought legitimate claims under common law. But Kelly disagreed. “At this early stage of the litigation and accepting all of the alleged facts as true, it appears that plaintiffs have advanced a plausible claim for negligence,” she said.
- Wendy’s Faces Pressure from Banks over Data Breach Lawsuit
- 8th Circuit Tells Lower Court to Take another Look at Target Data Breach Settlement
- Data Breaches Increase 40 Percent in 2016, CyberScout Says in New Report