CUNA will join a data breach lawsuit against Wendy's, the CUNA board decided this week. The fast-food chain has been accused of negligence in protecting customer credit card information and being liable for a massive breach of that information.
“The CUNA board has authorized us, as the national association for credit unions, to join a lawsuit against Wendy’s,” said CUNA President/CEO Jim Nussle.
The financial costs caused by Wendy's "deficient data security approach" have been borne primarily by credit unions and other financial institutions that issued the payments cards that were compromised, CUNA will allege in its complaint. Those costs include, but are not limited to, canceling and reissuing compromised cards and reimbursing the cardholders for fraudulent charges associated with the breach.
CUNA will note that industry sources estimate the fraudulent charges have been even greater than in other recent data breaches, like Target and Home Depot. CUNA surveys found credit unions alone were hit with nearly $60 million in costs after Home Depot’s 2014 data breach and $30.6 million after Target’s 2013 data breach.
The first Wendy's suit was filed in the Western District of Pennsylvania by First Choice FCU, News Castle, Penn. The credit union seeks to recover the costs incurred related to the breach. Other credit unions followed suit with additional cases also filed in the Western District of Pennsylvania.
The Wendy's breach occurred from October 2015 through March 2016--or, according to some reports, may have lasted into April.
Credit unions or leagues wishing to discuss their particular situations with respect to Wendy’s losses can contact outside counsel representing CUNA at firstname.lastname@example.org.