First Choice Credit Union has opened a class-action suit against Wendy's, alleging the hamburger chain's inadequate security allowed hackers to infiltrate its networks to steal customers' credit and debit card information.

According to the lawsuit hackers made “hundreds of thousands of fraudulent purchases” on credit and debit cards issued by various financial institutions after breaching Wendy's computer systems late last year.

Bob Bertini, Wendy’s spokesperson, said: “We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations. Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.”

The lawsuit is to be a warning to other retailers. George Rice, senior director of payments for HPE Security - Data Security, said: “In addition to consumer restitution, industry fines and corporate brand damage, the financial consequences of PCI data breaches now routinely include the costs of defending against lawsuits brought by affected parties and any resulting judgements. Security-deficient merchants will find it difficult to defend themselves against such lawsuits when powerful data security solutions are readily available on the market. Solutions such as point-to-point encryption and tokenization allow for the protection of sensitive data from the moment of acceptance and throughout its lifecycle in the organization."

“And unfortunately, PoS systems are often the weak link in the chain—they should be isolated from other networks, but often are connected,” said Rice. “A checkout terminal in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.”

Source: InfoSecurity