Wendy’s Data Breach – $50 Million Settlement and Improved Security Protocols


In re: First Choice Fed. Credit Union v. The Wendy’s Company., No. 16-cv-506 (W.D.Pa.)

In 2016, First Choice Federal Credit Union and other financial institutions sued Wendy’s fast food restaurant over a five-month-long data breach, citing the vulnerabilities in the chain’s data security systems that allowed hackers to access 18 million payment cards. Scott+Scott acted as co-lead counsel representing the financial institutions and the putative class in this action.

Wendy’s was accused of failing to keep pace with security measures adopted by retailers and restaurants in recent years to protect against data theft, including the use of so-called EMV chips. Plaintiffs contended that Wendy’s missed the “deadline of October 1, 2015 for businesses to transition their systems from magnetic-stripe to EMV technology,” and that Wendy’s “failure to transition to the use of EMV technology” constituted negligence. Those failures were responsible for the malware attack that allowed hackers to: steal customers’ credit and debit card numbers and other payment card data, steal customers’ personal identifiable information, and cause card-issuing institutions to incur costs for canceling and reissuing compromised cards and in reimbursing fraudulent charges.