Content

First Choice Credit Union files class-action suit against Wendy’s over breach

Pennsylvania-based First Choice Credit Union filed a class action lawsuit against Wendy's over a data breach the retailer experienced last year.

The suit alleged that the fast-food chain didn't properly safeguard customer credit and debit card information, Reuters said, citing a report in Westlaw Next Practitioners Insight. The breach, which went undetected for weeks, let hackers make fraudulent purchases on the payment cards that were exposed.

Wendy's found malware on the systems at some of its restaurants that were under investigation after some customers reported unusual activity on their payment cards used at several of the fast-food retailers' locations. Because the breach went undetected for weeks, hackers racked up hundreds of thousands such purchases.

“In addition to consumer restitution, industry fines and corporate brand damage, the financial consequences of PCI data breaches now routinely include the costs of defending against lawsuits brought by affected parties and any resulting judgments,” George Rice, senior director, payments for HPE Security - Data Security, said in comments emailed to SCMagazine.com. “Security-deficient merchants will find it difficult to defend themselves against such lawsuits when powerful data security solutions are readily available on the market.”

Rice noted that point-of-sale (POS) systems “are often the weak link in the chain – they should be isolated from other networks, but often are connected.”

And, because it is in constant use, a checkout terminals is “usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.”

Savvy merchants, he said, are meeting risk head-on “and giving the malware nothing to steal through solutions that also have a dramatic cost-reducing benefit to PCI compliance.”

Retailers can eliminate “the exposure of live information in vulnerable POS systems” by “encrypting data in the card reading terminal ahead of the POS,” said Rice. “The attackers get only useless encrypted data.”

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.