Wendy’s Enters into Settlement Agreement Stemming from Cyberattack Lawsuit

Two years after Wendy’s suffered a massive security breach, the company has entered into a settlement agreement with various financial institutions that had filed class-action lawsuits were filed against the company as a result of a series of cyberattacks Wendy’s franchisees suffered in 2015 and 2016.

The criminal cyberattacks targeted the point-of-sale systems at more than 1,000 Wendy’s locations, or around 18 percent of Wendy’s franchised locations at the time. The series of attacks took place between November 2015 and May 2016 with one in particular lasting from October 2015 to March 2016.

During the attacks hackers were able to access debit and credit card information—including cardholder names, credit or debit card numbers, and expiration dates—as a result of malicious software that was found on the company’s point-of-sales systems.

In 2016 financial institutions brought on a nationwide class-action suit alleging that Wendy’s failed in both safeguarding customer-payment card information and in providing notice that payment card information had been compromised.

“We are encouraged by the progress made to resolve this case, and we believe this settlement is in the best interests of Wendy’s and its shareholders,” said Todd Penegor, president and chief executive officer, in a statement. “With this settlement, we have now reached agreements in principle to resolve all of the outstanding legal matters related to these criminal cyberattacks. We look forward to putting this behind us so that we can continue to focus on growing the Wendy’s brand.”

If the proposed settlement is approved, the financial institutions will receive $50 million. Wendy’s expects to pay approximately $27.5 million of this amount. The settlement agreement is subject to court approval and Wendy’s anticipates the payment won’t need to be made until late 2019.

Over the past few years, various chains in the restaurant industry have experienced some sort of cyberattack. In April 2018, it was revealed that up to 37 million customers could have been affected by information possibly leaked on Panera’s website. Applebee’s faced down a hack of 160 units in March, while in limited service, Jason’s Deli, Arby’s, Sonic Drive-In, Chipotle, Pizza Hut, and PDQ grappled with breaches recently.

Daddy’s Chicken Shack Names Dave Liniger Jr. CEO

Daddy’s Chicken Shack, the quick-service concept dedicated to serving up good livin’ and better chicken, announced today two new promotions within their executive team. Tony Adams, who previously served as the Vice President and Chief of Staff for Area 15 Ventures, will now be taking on the role of President for Daddy’s Chicken Shack while […]

Shake Shack Expands Partnership on Carbon Neutral Whole Milk

Neutral Foods, the first certified carbon neutral food company in the U.S, announced the expansion of its partnership with Shake Shack to supply its certified Carbon Neutral Whole Milk to over 90 Shake Shack locations in the U.S. Shake Shack is the first fast casual restaurant partner for Neutral Foods and is using Neutral Milk […]

Alberto Sosa Bringing Pollo Campero to Smyrna, Tennessee

Alberto Sosa, who already owns two Pollo Campero franchises in Tennessee, is bringing the Central American chicken concept to the Nashville suburb of Smyrna. With over 100 U.S. locations and another 350 worldwide, the Central American chicken franchise is growing quickly, bringing family-recipe-inspired, flavorful chicken meals to the markets it enters. Smyrna’s new Pollo Campero […]

You might also like...

Also in Growth

Get daily updates on quick-serve industry news, tips, and events.