Lawsuit: Arby’s failed to prevent hackers

ATLANTA— Georgia-based Arby’s restaurant chain failed to prevent hackers from stealing customer information at hundreds of its stores, a Connecticut couple said in a new federal lawsuit.

Since early February, eight credit unions and banks from Indiana, Alabama, Arkansas, Louisiana, Michigan, Pennsylvania and Montana have filed seven other federal lawsuits. All make similar allegations about what the credit unions describe as a massive data breach.

Arby’s said in a statement Monday that it’s not commenting on the pending litigation, but “we believe the claims are without merit and intend to vigorously defend against them.”

From late October through Jan. 19, “hundreds of thousands, if not millions, of credit and debit cards issued by financial institutions, including Plaintiff, were compromised due to Arby’s severely inadequate security practices,” North Alabama Educators Credit Union states in its lawsuit filed last month.

“Arby’s actions and omissions left highly sensitive Payment Card Data of the Plaintiff’s customers exposed and accessible for hackers to steal for nearly three months,” the Alabama credit union maintains.

In the latest lawsuit, Jacqueline and Joseph Weiss of Glastonbury, Connecticut, say computer hackers used data-looting malware to penetrate systems at about 1,000 Arby’s restaurants during the breach.

In December 2016, the couple discovered thousands of dollars in unauthorized charges on the Visa card they’d used at an Arby’s in Connecticut, they say in their lawsuit filed last week.

The Weiesses’ lawsuit asserts that a credit union organization alerted its members that at least 355,000 credit and debit cards were compromised by the Arby’s breach.

By installing malware at the “Point Of Sale” or cash register, hackers were able to “steal payment card data from remote locations as a card was swiped for payment,” Indiana-based Midwest America Federal Credit Union claimed in a February lawsuit.

Arby’s “knew the danger of not safeguarding its POS network as various high-profile data breaches have occurred in the same way, including data breaches of Target, Home Depot and, most recently, Wendy’s,” the Indiana credit union maintains in its lawsuit.

Lawyers for the Weisse’s say the threat isn’t over.

“There is a strong probability that entire batches of stolen information have yet to be dumped on the black market,” they state, meaning Arby’s
customers “could be at risk of fraud and identity theft for years into the future.”



Leave a Comment

Your email address will not be published.

On Key

Related News

David Louis Salmons, Jr. 

Graveside services for David Louis Salmons, Jr. was held Friday, May 20, 2022, at 11:00 a.m. at Gardens of Memory with Charles Pate officiating.   David

Catherine Ann Salmons 

Funeral services celebrating the life of Catherine Ann Salmons will be held Saturday, May 21, 2022, at 11:00 a.m. at Whispering Pines Missionary Baptist Church

Jerry Roberts 

Funeral services celebrating the life of Jerry Roberts was held Thursday, May 19, 2022, at 10:00 a.m. at Rose-Neath Funeral Home Chapel in Minden, Louisiana