Who is a Class Member
You are included in the the Wendy’s Consumer Data Breach class action settlement if your Personal Information was compromised as a result of a 2016 security incident.
If you don’t qualify for this settlement, check out our database of other class action settlements you may be eligible for.
Estimated Award
- Up to $5,000
The Settlement will provide cash payments to people who submit valid claims. There are two types of payments that are available:
- (1) Documented Expense Reimbursement; and
- (2) Undocumented Time Spent
The aggregate total amount that any Settlement Class Member may receive in reimbursement for these two types of payments will not exceed $5,000. You may submit a claim for either or both types of payments.
Proof of Purchase
- Documented Losses and Time: If you have documentation establishing that you suffered out-of-pocket losses, unreimbursed charges, or time spent remedying issues relating to the Wendy’s Data Breach, you can make a claim for reimbursement up to $5,000, including up to 5 hours of documented time at $15 per hour. You must submit supporting documentation for this claim.
- Undocumented Time: If you do not have documentation, you will still be eligible to self-certify your time spent remedying issues relating to the Wendy’s Data Breach at $15 per hour for up to 2 hours.
Note: The total amount for both Documented Losses and Time and Self-Certifying Time is capped at $5,000 per claimant.
Claim Form
Wendy’s Consumer Data Breach Settlement Notes
- Torres, et al. v. Wendy’s International LLC
- Case No. 6:16-cv-210-PGB-DCI
- Pending in the U.S. District Court for the Middle District of Florida
Plaintiff Jonathan Torres and several other named plaintiffs filed this class action lawsuit alleging Wendy’s failed to secure and safeguard its customers credit and debit card numbers and other personally identifiably information during restaurant purchases.
On July 7, 2016, Wendy’s revealed that customers at over 1,000 of its franchise restaurants—approximately 20% of its franchise locations—had their data stolen starting in the fall of 2015 and continuing through at least early June 2016. Just two months prior to this announcement, and five months into Wendy’s investigation of the data breach, Wendy’s stated that the data breach affected “less than 300” of its stores; now that estimate has more than tripled. Even in its July 7 announcement, Wendy’s noted that the investigation was still “ongoing.”
“Wendy’s has yet to disclose the approximate number of customers whose Customer Data was appropriated by unauthorized third parties during the at least nine-month long Data Breach period; however, in the spring of 2015, it was estimated that Wendy’s served approximately 50 million customers per month,” according to the Wendy’s data breach class action lawsuit.
Hackers installed malware designed to steal credit and debit card data on Wendy’s point-of-sale systems. Wendy’s has indicated that cybercriminals gained access via a third-party vendor with access to Wendy’s systems. The customer data stolen as a result includes cardholder names, credit/debit card numbers, expiration dates, cardholder verification values and service codes.
“Wendy’s could have prevented this Data Breach. Data breaches at other retail establishments in the last few years have been the result of malware installed on POS systems. While many retailers, banks and other companies have responded to recent breaches by adopting technology that helps makes transactions more secure, Wendy’s did not”, the lawsuit contends.
Wendy’s denies these claims and says it did not do anything wrong. The restaurants affected by the data breach were independently owned by franchisees and were not owned or controlled by Wendy’s itself. Complete details about the case and settlement are provided on the Wendy’s Data Breach settlement website.
Important Dates
- 3/21/19: Claim Form Deadline
- 12/21/18: Objection or Exclusion Deadline
- 2/25/19: Final Hearing at 10:30 am ET* (class members do not need to attend this hearing in order to receive a slice of the settlement pie).
*Settlement Class Members who wish to speak at the hearing should check www.WendysDataBreachSettlement.com to confirm that the date or time of the Hearing has not been changed.
Contact Information
- Mail: Wendy’s Data Breach Settlement Administrator, C/O KCC Class Action Services, P.O. Box 404000, Louisville KY 40233-4000
- Phone: 1-844-295-9845
Class Counsel
- John A. Yanchunis and Patrick A. Barthle of Morgan & Morgan Complex Litigation Group
- Jean Sutton Martin of Law Office of Jean Sutton Martin PLLC
- Ariana Tadler and Melissa Clark of Milberg Tadler Phillips Grossman LLP
- John Emerson of Emerson Scott LLP
- Jeremy Glapion of Glapion Law Firm LLC
Settlement Website