The credit unions that were burned as a result of the data breach that hit America’s third-largest burger chain earlier this year are now suing the fast food eatery.
Last week, Reuters reported that First Choice Credit Union of Pennsylvania plans to represent financial institutions in a lawsuit against Wendy’s, claiming that the company’s insufficient security measures allowed the actions of hackers to compromise its customers’ financial card data and go unnoticed for weeks.
The lawsuit claims that the cybercriminals were able to use the stolen credit and debit card information to make hundreds of thousands of dollars in unauthorized purchases, issued through numerous banks, after the data breach took place.
According to Courthouse News Service, in court documents, the First Choice Credit Union of Pennsylvania also said the chain restaurant “refused to take steps to adequately protect its computer systems from intrusion," leading to an almost five-month-long period where customer data was left vulnerable to hackers.
The credit union is alleging that Wendy’s used outdated credit card systems and computers that were easily hackable by the criminals, as well as that the company was not adhering to the federal regulations designed to prevent major data breaches in the first place.
"Despite the growing threat of computer system intrusion, Wendy's systematically failed to comply with industry standards and protect payment card and customer data," the lawsuit states. The document adds that, as a result of Wendy’s alleged behavior, financial institutions have been negatively impacted by the cyberattack.
"As a result of Wendy's data breach, plaintiff and class members have been forced to cancel and reissue payment cards, change or close accounts, notify customers that their cards were compromised, investigate claims of fraudulent activity, refund fraudulent charges, increase fraudulent monitoring on potentially impacted accounts and take other steps to protect themselves and their customers," the documents add.