Plaintiffs, including CUNA and certain state credit union leagues and credit unions, urged a Pennsylvania federal judge today to reject Wendy’s Co. request to dismiss a class action lawsuit against the fast-food giant over its alleged inadequate security response to a data breach.
Submitting a brief to the U.S. District Court for the Western District of Pennsylvania, the financial institution and association plaintiffs refuted Wendy’s assertion that there are no “legitimate claims” in the lawsuit, which was initiated by First Choice FCU.
The brief calls the breach the “the inevitable result of Wendy’s inadequate data security measures and lackadaisical approach to the security of the payment card data it collected.”
Plaintiffs purport that the financial costs caused by Wendy's deficient data security approach have been borne primarily by credit unions and other financial institutions that issued the payments cards that were compromised in the breach that occurred in 2015 and carried over into 2016.
Costs associated with recent data breaches are substantial--reaching millions of dollars--and include, but are not limited to, canceling and reissuing compromised cards and reimbursing the cardholders for fraudulent charges associated with the breach, CUNA has noted.
These out-of-pocket costs, CUNA maintains, are sufficient to keep the matter before the court. CUNA joined the lawsuit, aimed at recouping those costs borne by financial institutions, in June.
Industry sources have estimated that fraudulent charges from the Wendy’s breach are even greater than those from other huge breaches, such as those occurring at Target and Home Depot.
CUNA surveys found credit unions alone were hit with nearly $60 million in costs after Home Depot's 2014 data breach and $30.6 million after Target's 2013 data breach.
The Georgia Credit Union Affiliates, Indiana Credit Union League, Michigan Credit Union League, and Ohio Credit Union League also are parties to the lawsuit.