Connect with us

Hi, what are you looking for?



Wendy’s Reaches $50 Million Settlement With Banks Over Data Breach

US fast food restaurant chain Wendy’s announced recently that it has reached a settlement with the thousands of financial institutions impacted by the data breach suffered by the company in 2015 and 2016.

US fast food restaurant chain Wendy’s announced recently that it has reached a settlement with the thousands of financial institutions impacted by the data breach suffered by the company in 2015 and 2016.

Wendy’s discovered the breach in January 2016 after the payment industry noticed fraud patterns on some cards used at its restaurants. While initially it appeared that roughly 300 locations had been affected, the investigation launched by the company later revealed that the number of impacted restaurants actually exceeded 1,000.

The hacker attack, aimed at independently owned and operated franchise restaurants, involved a piece of malware designed to steal payment card information, including names, card numbers, expiration dates, and CVVs.

Wendy’s was sued by both customers and financial institutions. The company reached a $3.4 million settlement with customers last year, with each impacted individual being eligible for up to $5,000 in compensation.

Wendy’s last week announced that it also reached a settlement with the banks and credit unions whose payment cards were compromised as a result of the breach. The settlement must still be approved by a court and, as the recent Yahoo case demonstrated, that is not always just a formality.

The Wendy’s breach is said to have impacted 18 million payment cards issued by roughly 7,500 credit unions and banks. The fast food chain has agreed to pay $50 million to settle the lawsuit brought by these organizations, but it expects to pay only $27.5 million of that amount as the rest should be covered by insurance.

The company says the $50 million includes attorney fees and costs. If the deal is approved by the court, the payments will likely be made in late 2019.

Advertisement. Scroll to continue reading.

“We are encouraged by the progress made to resolve this case, and we believe this settlement is in the best interests of Wendy’s and its shareholders,” said Todd Penegor, President and CEO of Wendy’s. “With this settlement, we have now reached agreements in principle to resolve all of the outstanding legal matters related to these criminal cyberattacks. We look forward to putting this behind us so that we can continue to focus on growing the Wendy’s brand.”

Related: Huddle House Suffers Payment Card Breach

Related: Neiman Marcus Reaches $1.5 Million Data Breach Settlement

Related: Lenovo Pays $7.3 Million to Settle Superfish Adware Lawsuit

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.