By Jeff Martin
Associated Press
ATLANTA (AP) — Georgia-based Arby’s restaurant chain failed to prevent hackers from stealing customer information at hundreds of its stores, a Connecticut couple said in a new federal lawsuit.
Since early February, eight credit unions and banks from Indiana, Alabama, Arkansas, Louisiana, Michigan, Pennsylvania and Montana have filed seven other federal lawsuits. All make similar allegations about what the credit unions describe as a massive data breach.
Arby’s said in a statement Monday that it’s not commenting on the pending litigation, but “we believe the claims are without merit and intend to vigorously defend against them.”
From late October through Jan. 19, “hundreds of thousands, if not millions, of credit and debit cards issued by financial institutions, including Plaintiff, were compromised due to Arby’s severely inadequate security practices,” North Alabama Educators Credit Union states in its lawsuit filed last month.
“Arby’s actions and omissions left highly sensitive Payment Card Data of the Plaintiff’s customers exposed and accessible for hackers to steal for nearly three months,” the Alabama credit union maintains.
In the latest lawsuit, Jacqueline and Joseph Weiss of Glastonbury, Connecticut, say computer hackers used data-looting malware to penetrate systems at about 1,000 Arby’s restaurants during the breach.
In December 2016, the couple discovered thousands of dollars in unauthorized charges on the Visa card they’d used at an Arby’s in Connecticut, they say in their lawsuit filed last week.
The Weiesses’ lawsuit asserts that a credit union organization alerted its members that at least 355,000 credit and debit cards were compromised by the Arby’s breach.
By installing malware at the “Point Of Sale” or cash register, hackers were able to “steal payment card data from remote locations as a card was swiped for payment,” Indiana-based Midwest America Federal Credit Union claimed in a February lawsuit.
Arby’s “knew the danger of not safeguarding its POS network as various high profile data breaches have occurred in the same way, including data breaches of Target, Home Depot and, most recently, Wendy’s,” the Indiana credit union maintains in its lawsuit.
Lawyers for the Weisse’s say the threat isn’t over.
“There is a strong probability that entire batches of stolen information have yet to be dumped on the black market,” they state, meaning Arby’s customers “could be at risk of fraud and identity theft for years into the future.”
It’s not clear whether a criminal investigation has been opened in the Arby’s breach. The FBI’s policy is not to confirm or deny whether a matter is being investigated, FBI Special Agent Stephen Emmett said Monday.
- Posted March 29, 2017
- Tweet This | Share on Facebook
Lawsuits claim hackers stole customer data at Arby's
headlines Oakland County
- Associations gather for Spring Fling
- Supreme Court denies rehearing request by attorneys sanctioned for meritless election lawsuit
- Law school conducts ‘Know Your Rights Day’ for high school students
- Oakland County household hazardous waste dropoff events promote environmental stewardship and safeguard communities
- Nessel testifies in support of BRITE Act
headlines National
- Incarceration series includes female inmates but doesn’t tell full story
- ACLU and BigLaw firm use ‘Orange is the New Black’ in hashtag effort to promote NY jail reform
- Former DOJ official who alleged election fraud violated at least one ethics rule, ethics committee says
- Winston & Strawn will provide reduced-cost legal services for routine tasks under Winston Legal Solutions umbrella
- Should Justice Sotomayor retire? Chemerinsky, White House haven’t joined calls for her to step down
- Which BigLaw firms are increasing lateral associate hiring the most? One made legal headlines last year