The Wendy’s Co. will pay $50 million to financial institutions to settle claims that the fast-food restaurant chain had weak data security systems that let hackers access customers’ credit card information.
The group of credit unions and other financial institutions will release Wendy’s from the claims under the proposed settlement filed Feb. 13.
The institutions, including First Choice Federal Credit Union and Alcoa Community Federal Credit Union, sued Wendy’s over the data breach, saying vulnerabilities in the chain’s data security systems were responsible for the malware attack that impacted 18 million payment cards. They brought their action under Ohio consumer protection laws.
The breach involved “third-party criminal cyberattacks” of some independently owned Wendy’s franchise restaurants, according to the settlement.
The parties filed a joint-motion to have settlement proceedings before a magistrate judge. If that isn’t approved, U.S. District Judge Nora Berry Fischer of the Western District of Pennsylvanian will rule on the proposed settlement.
Scott+Scott Attorneys at Law LLP and Carlson Lynch Sweet Kilpela & Carpenter LLP represented the plaintiffs. Alston & Bird LLP represented Wendy’s.
The case is First Choice Fed. Credit Union v. Wendy’s Co., W.D. Pa., No. 16-cv-16506, preliminary settlement 2/13/19.