Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Two customers of Dickey’s Barbeque in California have filed a class action lawsuit against the restaurant chain over a recent data breach that might have exposed their credit card information to cyber criminals.
The men, Ross Diczhazy and Wesley Etheridge II, claim Dickey’s failed in its duty to adequately protect their customers’ data and should be held responsible in civil court. They filed their class action lawsuit Nov. 9 in the U.S. District Court for the Southern District of California, accusing Dickey’s of violating California’s consumer privacy act and unfair competition law, and of negligence.
“Defendants have failed to maintain reasonable security controls and systems appropriate for the nature of [personal identifying information] they maintain,” the class action lawsuit says. Later, it goes on to further accuse Dickey’s of failing to detect a system hack.
“Dickey’s did not learn that 3 million of its customers’ payment cards had been stolen until the hack was publicly reported by third parties — at least 16 months after it began,” the class action lawsuit claims. “Defendants should have had breach detection protocols in place, which could have detected the breach and alerted customers much sooner.”
News of the Dickey’s data breach broke Oct. 15 when cybersecurity experts Gemini Advisory and Q6 Cyber reported Joker’s Stash, a black market venue for selling stolen credit card information, was offering a new batch of data for sale, according to ZDNet.
Dubbed “Blazing Sun,” the list went up for sale on the dark web Oct. 12 and is said to include more than 3 million stolen credit card numbers with a 90% to 100% valid rate. According to the cyber security blog Krebs on Security, run by former Washington Post reporter Brian Krebs, a high valid rate “is typically an indicator that the breached merchant is either unaware of the compromise or has only just begun responding to it.”
Krebs reported the Dickey’s data breach involved credit cards used at 100 of the chain’s barbecue restaurants across the country starting as early as May 2019 and as late as September 2020. The cyber criminals were able to access the information, Gemini reported, because some of the Dickey’s franchise locations were using point-of-sale equipment that had been infected with card-capturing malware.
“Given the widespread nature of the breach, the exposure may be linked to a breach of the single central processor, which was leveraged by over a quarter of all Dickey’s locations,” Gemini reported on its own blog.
It is unclear when Dickey’s became aware of the data breach, but the company publicly acknowledged it in a statement issued Oct. 13, saying it was investigating. Dickey’s said it was working with “third parties who have helped other restaurants address similar issues” and with the Federal Bureau of Investigation (FBI).
Plaintiffs Diczhazy and Etheridge allege Dickey’s allowed some of its franchise restaurants to use point-of-sale systems based on the now outdated method of reading the magnetic strip on the back of credit cards instead of reading the embedded chip in most newer credit cards. The chips were developed to be more secure and are now in widespread use.
As a result of the data breach, Diczhazy and Etheridge say, they are and will be at great financial risk indefinitely.
“Perpetrators often wait months or years to use the personal information obtained in data breaches, as victims often become complacent and less diligent in monitoring their accounts after a significant period has passed,” their class action lawsuit says. “Perpetrators will also re-use stolen personal information, meaning individuals can be the victim of several cybercrimes stemming from a single data breach.”
Diczhazy and Etheridge are asking the court to certify their case as a class action, which could include as many as all 3 million affected card holders involved in the data breach. They are seeking monetary damages, free credit monitoring and greater security measures to be put in place at Dickey’s.
Did you buy food from a Dickey’s Barbeque at any time in the last two years? Are you concerned your credit card information might have been stolen in the Dickey’s data breach? Tell us about it in the comment section below.
Lead plaintiff Ross Diczhazy and the proposed Class Members are represented by Daniel J. Mogin, Jennifer M. Oliver and Timothy Z. LaComb of MoginRubin LLC; and Alexander M. Schack, Natasha N. Serino and Shannon F. Nocon of Schack Law Group.
The Dickey’s Barbeque Data Breach Class Action Lawsuit is Ross Diczhazy, et al. v. Dickey’s Barbeque Restaurants Inc., et al., Case No. 3:20-cv-02189-L-MDD, in the U.S. District Court for the Southern District of California.
Read About More Class Action Lawsuits & Class Action Settlements:
31 thoughts onDickey’s Barbeque Faces Class Action Lawsuit Over Data Breach
Please add
Please add me.
Please add me
Please Add Me
Please add me
Please add me
Hello, My name is LaVonne Hicks, I over ordered Dickeys from Uber eats. Since then I have a driver give me code. To make the food is delivered to the right person. Since I have disputed extra charges on my account account.
Please add me