Wendy’s Hit With Data Breach Class Action Lawsuit

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

A class action lawsuit has been filed against the fast food chain Wendy’s Co. over its alleged inadequate security response to a data breach they announced last month.

Lead plaintiff Jonathan Torres of Florida claims in the Wendy’s class action lawsuit that due to insufficient security measures, his debit card was subject to a data breach resulting in fraudulent charges that amounted to nearly $600. The plaintiff further alleges that Wendy’s did not provide enough information to its customers about the breach for them to understand what information was affected and how to protect themselves.

Wendy’s announced the data breach on Jan. 27, 2016. Torres claims that the cyber attack was relatively unsophisticated and Wendy’s should have been able to prevent it.

“While many retailers, banks and card companies responded to recent breaches by adopting technology that helps makes [sic] transactions more secure,” said Torres in his complaint. “Wendy’s has acknowledged that it has retained a security consultant to review and look into its systems.”

According to the Wendy’s data breach class action lawsuit, the same malware was used in recent cyber attacks on Target and Home Depot. “It is well known and the subject of many media reports that [Private Identifiable Information (PII)] is highly coveted and a frequent target of hackers,” alleged the plaintiff.

“Despite the frequent public announcements of data breaches by retailers,” he continued. “Wendy’s opted to maintain an insufficient and inadequate system to protect the PII of Plaintiff and class members.”

The class action lawsuit further alleges that Wendy’s should have implemented better security measures, including separating payment information from customers’ personal information and by not doing so, Wendy’s was negligent. The plaintiff also accuses Wendy’s of breach of contract and of violating the State of Florida’s Unfair and Deceptive Trade Practices Act.

“Wendy’s disregard Plaintiff’s and Class members’ rights by intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure its data systems were protected, failing to take adequate sand reasonable measures to ensure its data systems were protected, failing to take available steps to prevent and stop the breach from ever happening, and failing to disclose to its customers the materials facts that it did not have adequate computer systems and security practices to safeguard customers’ Private Information,” the Wendy’s data breach class action states.

The plaintiff seeks to represent a statewide class of Florida residents whose credit or debit information was affected by the data breach. Torres is seeking actual and compensatory damages, as well as a court order forcing Wendy’s to beef-up its cyber security measures by encrypting customer data, testing its systems, and removing unnecessary information from its databases.

Torres is represented by Patrick A. Barthle, Paul Louis SanGiovanni, Marcio William Valladares and John Allen Yanchunis Sr. of Morgan & Morgan PA.

The Wendy’s Data Breach Class Action Lawsuit is Torres v. The Wendy’s Co., Case No. 6:16-cv-00210, in the U.S. District Court for Florida’s Middle District.

UPDATE: On Apr. 4, 2016, Wendy’s filed a motion to dismiss this class action lawsuit, stating that the plaintiff’s claims are based on pure “speculation and innuendo.”

UPDATE 2: October 2018, the Wendy’s data breach class action settlement is now open.Click here to file a claim.