Atlanta-based Arby’s Restaurant Group is facing several class-action lawsuits in U.S. District Court in Atlanta over a reported data breach that allegedly put customers’ financial security at risk.
The fast food chain has acknowledged a breach perpetrated by hackers using “malware” at its corporate locations across the country from Oct. 25 to Jan. 19, according to the suits.
“The Arby’s Data Breach was the inevitable result of Arby’s inadequate data security measures,” said one suit, filed by First Choice Federal Credit Union, which claims to be one of more than 100 parties. “Despite the well-publicized and ever-growing threat of cyber breaches involving payment card networks and systems, Arby’s failed to ensure that it maintained adequate data security...”
Arby’s has more than 1,000 corporate locations, where the hacks were reportedly isolated, thus not reaching its franchise locations. In total, the chain has more than 3,300 restaurants, according to the suit.
Arby’s online database of locations doesn’t indicate which are corporate and which are franchises.
In a statement to The Atlanta Journal-Constitution, the company said it isn’t commenting on the litigation, “except to say that we believe the claims are without merit and intend to vigorously defend against them.”
The chain has said it immediately notified law enforcement and “enlisted the expertise of leading security experts,” when it learned there could’ve been a breach.
The plaintiffs allege Arby’s owes them for all the work it took putting out the fire for customers who feared their cards had been compromised.
The suits are filed in federal court in Atlanta because Arby’s has corporate headquarters in Sandy Springs, near the Fulton-DeKalb County line.