Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Two customers of Dickey’s Barbeque in California have filed a class action lawsuit against the restaurant chain over a recent data breach that might have exposed their credit card information to cyber criminals.
The men, Ross Diczhazy and Wesley Etheridge II, claim Dickey’s failed in its duty to adequately protect their customers’ data and should be held responsible in civil court. They filed their class action lawsuit Nov. 9 in the U.S. District Court for the Southern District of California, accusing Dickey’s of violating California’s consumer privacy act and unfair competition law, and of negligence.
“Defendants have failed to maintain reasonable security controls and systems appropriate for the nature of [personal identifying information] they maintain,” the class action lawsuit says. Later, it goes on to further accuse Dickey’s of failing to detect a system hack.
“Dickey’s did not learn that 3 million of its customers’ payment cards had been stolen until the hack was publicly reported by third parties — at least 16 months after it began,” the class action lawsuit claims. “Defendants should have had breach detection protocols in place, which could have detected the breach and alerted customers much sooner.”
News of the Dickey’s data breach broke Oct. 15 when cybersecurity experts Gemini Advisory and Q6 Cyber reported Joker’s Stash, a black market venue for selling stolen credit card information, was offering a new batch of data for sale, according to ZDNet.
Dubbed “Blazing Sun,” the list went up for sale on the dark web Oct. 12 and is said to include more than 3 million stolen credit card numbers with a 90% to 100% valid rate. According to the cyber security blog Krebs on Security, run by former Washington Post reporter Brian Krebs, a high valid rate “is typically an indicator that the breached merchant is either unaware of the compromise or has only just begun responding to it.”
Krebs reported the Dickey’s data breach involved credit cards used at 100 of the chain’s barbecue restaurants across the country starting as early as May 2019 and as late as September 2020. The cyber criminals were able to access the information, Gemini reported, because some of the Dickey’s franchise locations were using point-of-sale equipment that had been infected with card-capturing malware.
“Given the widespread nature of the breach, the exposure may be linked to a breach of the single central processor, which was leveraged by over a quarter of all Dickey’s locations,” Gemini reported on its own blog.
It is unclear when Dickey’s became aware of the data breach, but the company publicly acknowledged it in a statement issued Oct. 13, saying it was investigating. Dickey’s said it was working with “third parties who have helped other restaurants address similar issues” and with the Federal Bureau of Investigation (FBI).
Plaintiffs Diczhazy and Etheridge allege Dickey’s allowed some of its franchise restaurants to use point-of-sale systems based on the now outdated method of reading the magnetic strip on the back of credit cards instead of reading the embedded chip in most newer credit cards. The chips were developed to be more secure and are now in widespread use.
As a result of the data breach, Diczhazy and Etheridge say, they are and will be at great financial risk indefinitely.
“Perpetrators often wait months or years to use the personal information obtained in data breaches, as victims often become complacent and less diligent in monitoring their accounts after a significant period has passed,” their class action lawsuit says. “Perpetrators will also re-use stolen personal information, meaning individuals can be the victim of several cybercrimes stemming from a single data breach.”
Diczhazy and Etheridge are asking the court to certify their case as a class action, which could include as many as all 3 million affected card holders involved in the data breach. They are seeking monetary damages, free credit monitoring and greater security measures to be put in place at Dickey’s.
Did you buy food from a Dickey’s Barbeque at any time in the last two years? Are you concerned your credit card information might have been stolen in the Dickey’s data breach? Tell us about it in the comment section below.
Lead plaintiff Ross Diczhazy and the proposed Class Members are represented by Daniel J. Mogin, Jennifer M. Oliver and Timothy Z. LaComb of MoginRubin LLC; and Alexander M. Schack, Natasha N. Serino and Shannon F. Nocon of Schack Law Group.
The Dickey’s Barbeque Data Breach Class Action Lawsuit is Ross Diczhazy, et al. v. Dickey’s Barbeque Restaurants Inc., et al., Case No. 3:20-cv-02189-L-MDD, in the U.S. District Court for the Southern District of California.
Read About More Class Action Lawsuits & Class Action Settlements:
31 thoughts onDickey’s Barbeque Faces Class Action Lawsuit Over Data Breach
ADD ME
How do we find out, if my card was compromised?
Have not been notified by anyone at Dickey’s.
Please keep me in the loop.
Add me.
George
Add me
Last visit to Dickeys in Hanford, Ca. They were not using the original meats but were using meat that person working there told me they were told to purchase from stores in area. The Turkey was disgusting. They offered to give me a $50. Credit but we never went back.
Please add me to this class action against DICKEY’S BBQ case 3:20-cv-02189. Thanks !
Made several visits to Dickeys in Hanford, California in 2019 and paid with my card. Was that one of the areas.
Add me please
Add me
Add me too
I purchased from Dickies in Traverse City Michigan SEPTEMBER 2020 and paid by credit card.
Add me please
I bought food at Dickey’s about a year and a half ago and used my card as payment. I even remember that it was a card reader that required you to swipe the magnetic strip instead of inserting it to read the chip. Don’t have a clue as to why I remember this detail, it stuck in my brain for some reason? How can I find out if my information was part of the breach?