(CN) - A class action claims Wendy's negligently exposed its customers' credit and debit card information to the hackers responsible for a data breach discovered in January.
The fast-food giant disclosed on Jan. 27 that it had undertaken a data breach investigation after discovering malicious software designed to steal customer payment data on computers that operate its payment processing system.
In a complaint filed in the Orlando, Fla. Federal Court, lead plaintiff Jonathan Torres claims hackers used his debit card information to rack up nearly $600 charges shortly after he visited a Wendy's restaurant in early January.
Torres claims the hamburger chain employed inadequate safety measures and failed to quickly send notice to customers. He is asking the court to certify a class of other Floridians who also faced credit card fraud after eating at a Wendy's.
"Wendy's could have prevented this data breach," the Feb. 8 complaint states, adding the software was most likely a variant of the "BlackPOS" malware that affected other large companies last year. "While many retailers, banks and card companies responded to recent breaches by adopting technology that helps make transactions more secure, Wendy's has acknowledged that it did not do so."
One point of contention is Wendy's failure to separate payment information from customers' personal information.
"It is well known and the subject of many media reports that Private Identifiable Information is highly coveted and a frequent target of hackers," the complaint states.
Torres is suing for negligence, breach of contract and violation of Florida's Unfair and Deceptive Trade Practices Act.
In addition to damages, Torres wants the court system to ensure the security measures put in place are sufficient.
Bob Bertini, spokesman for Wendy's, declined comment on the lawsuit.
Torres is represented by John Yanchunis of the Orlando-based firm Morgan and Morgan. He did not return a call and e-mail request for comment.
Read the Top 8
Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.
Additional Reads
-
How personal injury lawyers took over the LA skyline February 10, 2023 -
Apple: Most iCloud data can now be end-to-end encrypted December 7, 2022