Wendy’s Seeks Dismissal of Data Breach Class Action

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Wendy’s has filed a motion to dismiss a proposed class action lawsuit, stating that the plaintiff’s claims that the fast food chain was directly liable for a January 2016 data breach are based on pure “speculation and innuendo.”

In the dismissal motion, Wendy’s argues that plaintiff Jonathan Torres’ claims lack standing since he cannot conclusively prove that his information was compromised in the alleged Wendy’s data breach.

“Plaintiff admits that ‘very few details’ about the alleged breach have been released, but has no problem claiming that Wendy’s was negligent in failing to prevent it,” Wendy’s wrote in the dismissal motion. “Plaintiff likewise alleges no facts regarding Wendy’s actual security practices, but does not hesitate to claim they were inadequate. Speculation and innuendo are not sufficient to state a plausible claim for relief.”

Additionally, Wendy’s challenges Torres’ claims for negligence, implied contract, and violation of the Florida Deceptive and Unfair Trade Practices Act (FDUTPA). Specifically, Wendy’s states that the claims fail because Torres does not allege a duty of care that exists under Florida law, fails to allege cognizable damages, and lacks standing under the FDUTPA statute since he does not allege any deceptive or unfair practices by Wendy’s.

The plaintiff filed the class action lawsuit on February 8, just twelve days after Wendy’s announced publicly that it was investigating unusual activity involving payment cards at some of its restaurants.

“Wendy’s approach at maintaining the privacy of Plaintiff’s and Class members’ [personally identifiable information (PII)] was lackadaisical, cavalier, reckless, or at the very least, negligent,” Torres’ complaint stated.

Torres had visited a Wendy’s restaurant in Orlando on January 3. Shortly thereafter he was informed that his debit card number had been used to make a purchase at a Best Buy in the amount of $200, and $377 at a Sports Authority store.

On January 27, Wendy’s announced that it had discovered malicious software designed to steal credit and debit card data on computers that operate the payment processing systems for its restaurants. Torres claims he was one of the victims of the Wendy’s data breach. While the basis for causation is uncertain, Torres asserts that “lackadaisical” security measures allegedly allowed hackers to steal his debit card number and rack up nearly $600 in purchases.

Torres’ class action lawsuit alleges that Wendy’s failed to secure and safeguard its customers’ credit and debit card numbers, other payment card data, and other personally identifiable information (PII), and failed to provide timely, accurate, and adequate notice to Torres and other potential Class Members that their private information had been stolen.

However, Wendy’s says that these allegations of fraudulent charges are not sufficient enough to establish standing, contending that Torres has not provided any basis for linking these fraudulent purchases to the Wendy’s data breach and also does not allege that the credit union failed to reimburse them. Based on these arguments, Wendy’s says the plaintiff does not satisfy the requirements of actual or imminent injury or monetary loss.

Further, Wendy’s argues that Torres claims that he’s at risk of future identity theft and fraud as a result of the Wendy’s data breach are a “speculative possibility” and cannot confer standing. Wendy’s also disputes Torres’ allegations that he overpaid for his purchase at Wendy’s, claiming that a portion of the price he paid for Wendy’s food was attributed to payment card security measures that were not implemented.

Torres seeks to certify a statewide Class covering every Floridian whose information was involved in the breach. He is seeking both actual and compensatory damages, as well as a judgment requiring Wendy’s to put adequate security measures in place as well.

Torres is represented by Patrick A. Barthle, Paul Louis SanGiovanni, Marcio William Valladares and John Allen Yanchunis Sr. of Morgan & Morgan PA.

The Wendy’s Data Breach Class Action Lawsuit is Torres v. The Wendy’s Co., Case No. 6:16-cv-00210, in the U.S. District Court for Florida’s Middle District.

UPDATE: On May 25, 2018, Wendy’s agreed to settle a class action lawsuit alleging that a 2016 data breach exposed customer information to hackers and other unauthorized parties.

UPDATE 2: October 2018, the Wendy’s data breach class action settlement is now open. Click here to file a claim.