Banks File Suit Against Arby’s
From October 2016 through January 2017, hackers were able to access Arby’s point-of-sale systems by installing malware on the restaurant chain’s network. Arby’s waited to notify the public of the breach until February at the request of law enforcement officials.
Scott & Scott, the law firm representing the financial institutions in this suit, alleges the cybercriminals were able to take advantage of substantial weaknesses and vulnerabilities in Arby’s computer systems. They believe cardholder names, account numbers, card expiration dates, service codes and verification codes were stolen.
The lawsuit, First Choice Federal Credit Union v. Arby’s Restaurant Group, Inc., has been filed in the Northern District of Georgia. It alleges the breach was inevitable since Arby’s did not take adequate measures to protect data.
The suit further alleges that financial institutions incurred significant losses as a result of this breach, as they had to reissue millions of debit and credit cards. Not only did it cost several dollars per card to send customers new cards, there were also administrative expenses and overhead charges for monitoring and preventing fraud. In addition, the banks were forced to reimburse fraudulent charges, which made them lose money on interest and transaction fees.