Arby’s has announced that its point-of-sale system had been compromised by intruders over a four month period between October of 2016 and January of 2017, exposing the credit and debit card information of 355,000 customers. It is unknown at the present time which Arby’s restaurants were included in the incident, but it is estimated that 1,000 corporate locations were affected.
In record time, Arby’s has been hit with multiple class action lawsuits involving the data breach. One is spearheaded by customers. They allege that Arby’s had lax data security, which caused the breach. A second was filed by four credit unions and the Michigan Credit Union League alleging that the breach caused the credit unions and others to incur costs to cancel and reissue credit and debit cards, change or close accounts, notify members that the cards were compromised, investigate claims of fraud, refund consumers fraudulent charges, and implement detection and mitigation measures for consumers.
There is also an allegation that “the charges associated with this breach at Arby’s have been more concentrated than in other recent data breaches…” which caused the plaintiffs to suffer greater losses.