Printed from

Shareholder sues Wendy’s over data breach

Posted On: Dec. 21, 2016 2:42 PM CST

Shareholder sues Wendy’s over data breach

A Wendy’s Co. shareholder has filed a derivative lawsuit against the company and its officers and directors in connection with a cyber breach it said stretched from October 2015 through June 2016 and affected more than 1,000 franchise locations.

Although the data breach at the Dublin, Ohio-based hamburger chain had been discovered in late January 2016, it “ran unabated for almost an additional six months,” according to the Dec. 16 litigation filed in U.S. District Court in Cincinnati in James Graham et al. v. Nelson Peltz et. al. and The Wendy’s Co.

The lawsuit says the defendants knew a security breach presented a significant threat to Wendy’s, that its computer systems were vulnerable to hackers and that it had failed to implement “reasonable measures” to secure its customer data, including those required by its contracts with the payment card industry.

As a result of the defendants’ misconduct, “Wendy’s failed to maintain proper internal controls, consciously disregarded multiple red flags alerting the individual defendants to multiple areas of noncompliance with the company’s existing policies and procedures and problems with (its point-of service) system, caused the company to release false and misleading statements and substantially damaged the company’s credibility,” says the lawsuit.

It says Wendy’s is now facing lawsuits filed on behalf of both financial institutions and consumers, which are now pending in federal courts in Pennsylvania and Florida.

The lawsuit charges the individual defendants with breach of fiduciary duty, waste of corporate assets, unjust enrichment and gross mismanagement. 

A company spokesman could not immediately be reached for comment.