News

Class action filed against Arby's after data breach

February 27, 2017

A data breach at Arby's locations nationwide last fall has triggered a class action lawsuit on behalf of "financial institutions" that "suffered damages as a result," according to a press release from the Scott+Scott Attorney at Law firm.

The firm said hackers last October used malware on the chain's POS system in a breach that lasted through at least this past January. Arby's leadership learned of the breach when an "industry partner" notified the company, states the release.

Arby's publicly released information on the breach on Feb.16. The law firm alleges hackers exploited vulnerabilities in the POS system, allowing them to steal data from customers’ credit and data cards, including names, numbers, expiration dates, service and verification codes. 

Scott+Scott filed its class action, First Choice Federal Credit Union v. Arby's Restaurant Group, Inc., in the Northern District of Georgia. In the complaint, the firm alleges Arby's "inadequate data security" and measures taken by the chain to protect data were insufficient, allowing malware to go undetected. 

The suit states the financial institutions involved "have been forced to reissue potentially millions of credit and debit cards … which costs several dollars per card (and) imposes substantial costs on such financial institutions, who also incur many administrative expenses and overhead charges dealing with monitoring and preventing fraud." Likewise, the institutions involved must also pay back fraudulent charges, while losing interest and transaction fees, according to the release.