Last updated: 02 August 2016
There have been some new developments in the Wendy’s data breach story since I first chronicled how the story went from bad – with the company reporting fewer than 300 restaurants were impacted in May 2016 – to worse at the beginning of July, when the company revising the total to more than 1,000 breached restaurants.
Check out our handy new infographic for a recap of the Wendy’s data breach timeline followed by news regarding two class action lawsuits brought forth following the breach.
Wendy’s Data Breach Timeline Infographic
I discussed the breach timeline in-depth in my last post, comparing how this story unfolded to the Target breach timeline and what some of the important takeaways were for this new breach.
To bring everyone up to speed as quickly as possible though, here’s a new infographic summarizing some of the key points:
Adding new tidbits to the story, at the end of July a federal court in Florida dismissed Torres v. Wendy’s Co., a putative class action case in which the plaintiff alleged Wendy’s had not taken adequate steps to protect customers’ financial data.
While the court acknowledged that the plaintiff’s information had been used fraudulently in two instances following the breach, the case was dismissed in part because the plaintiff’s credit union had reimbursed him for fraudulent charges, and thus the plaintiff hadn’t suffered any financial losses.
In short, I take that to mean if a breach doesn’t cost you anything out of pocket, don’t expect to be compensated for any headaches that stem from the breach.
Credit Union Suit Intensifies
Meanwhile, credit unions are showing how little patience they have left for paying the bill following a retail data breach.
On July 31st, the Michigan Credit Union League (MCUL) – representing Michigan credit unions – announced it would join several credit unions, fellow state credit union leagues, and the Credit Union National Association in another class action lawsuit filed against Wendy’s following the breach.
According to a press release announcing its involvement in the lawsuit, MCUL stated the breach was due to “Wendy’s poor data security measures, failure to discover and contain the breach and for neglecting to notify financial institutions of the compromise.”
“Until retailers are forced to invest in robust data security measures, credit unions will continue to pay the price for retailer data breaches,” MCUL EVP/COO Ken Ross said in the release. “Adding our name to this class action is one way we are going to bat for Michigan credit unions until a legislative solution is achieved.”
As noted in the infographic, we still don’t know the number of customer data records that were stolen, the concrete steps Wendy’s is taking to improve security, or what the breach will ultimately cost the restaurant chain.
Regarding the latter, the credit union class action lawsuit obviously has the potential to add to that total sum.
For more information about the impact of data breaches and retail data security, you may wish to check out:
- 2015 Data Breaches report from the Breach Level Index
- Data Security Confidence Index 2016 survey findings
- Data Breaches and Customer Loyalty survey findings
- Retail data security solutions offered by Gemalto