Wendy’s Recent Data Breach: Why It’s Serious

The recent Wendy’s 2016 data breach affected approximately 300 of its 5,500 stores. Security expert Brian Krebs reported “Some of breached Wendy’s locations were still putting customer card data at risk in March and April of 2016.” Many security professionals believed the breach illustrated an uptick in point-of-sale financial crime for both small and mid-sized businesses. This breach is serious, as it can put a dent in Wendy’s reputation and sales.

Wendy's Data Breach

How Consumers are Affected

While consumers are protected from losses due to the breach, they likely will have to go through the hassle of getting a new card and updating their accounts. Some don’t even know if their personal information was compromised, as the investigation is still ongoing. This not knowing is very unsettling. As a result of the breach, Wendy’s faces:

  • Loss in credibility
  • Loss in sales
  • Numerous lawsuits

How Wendy’s is Affected

In addition to a reputational loss and loss in sales volume, Wendy’s is now faced with a class-action lawsuit in Florida. A complaint has been filed in Orlando federal court alleging that the drive-thru burger establishment provided inadequate safety measures and failed to timely notify its customers. One plaintiff suffered $600 in unauthorized charges resulting from the breach. It’s also alleged that Wendy’s did not adopt newer technology to prevent the data theft. Plaintiffs are suing Wendy’s for negligence, breach of contract and violation under Florida’s Unfair and Deceptive Trade Practices Act. Wendy’s has since hired a security firm to investigate. All around, it’s bad news for Wendy’s. These legal disputes between Wendy’s, its franchisees and customers, center on liabilities small and mid-sized business owners face as hacking challenges increase.

Liability Exposure

In 2015, the credit card industry set new rules requiring all retailers to upgrade to new card readers in order to enhance security. This includes Visa, MasterCard and Europay. This new protocol moves fraud liability to merchants and retailers and away from banks. In the case of Wendy’s, if the franchisees are at fault, they will be liable with reimbursing hacking victims. The recent hack puts Wendy’s more than a year behind the credit card industry’s deadline for compliance with new regulations. Plus, Wendy’s has other legal problems. DavCo Restaurants have sued in a dispute over Wendy’s decision to not require franchises to upgrade their point-of-sale systems. It’s important for small and mid-sized businesses to know that liability has shifted from big banks to small and mid-sized business owners.

If you’re a small or mid-sized company, turn to QualityIP for managed IT services, email us at [email protected] or call us at (330) 931-4141 to protect your company from hackers.