Wendy’s to Pay Millions in Class-Action Data Breach Settlement

The lawsuit alleged the company did not adequately protect customer payment information. The malware breach impacted more than 1,000 of its restaurants and will cost the company $50 million.

by Megan Henry, The Columbus Dispatch / February 15, 2019

(TNS) — Wendy's will pay $50 million to settle a class-action lawsuit from a data breach that hit more than 1,000 of its restaurants in 2015 and 2016.

On Wednesday, the Ohio-based burger chain announced the pending agreement with financial institutions that alleged Wendy's did not protect customer credit card information. Wendy's said it will pay $27.5 million of the settlement, with the rest covered by insurance.

"With this settlement, we have now reached agreements in principle to resolve all of the outstanding legal matters related to these criminal cyberattacks," Todd Penegor, Wendy's president and CEO, said in a news release.

Wendy's said 1,025 stores, all owned by franchisees, had malware that could have stolen customer data, such as credit or debit card numbers, names, expiration dates, and more. Of the restaurants, 20 were in central Ohio.

"We look forward to putting this behind us so that we can continue to focus on growing the Wendy's brand," Penegor said.

©2019 The Columbus Dispatch (Columbus, Ohio). Distributed by Tribune Content Agency, LLC.