Arby’s Sued Following Massive Credit Card Breach

Arby’s, home of the absurd “Meat Mountain” sandwich, is now facing a veritable mountain of lawsuits. In February news broke that the fast-food chain had fallen victim to a massive credit card data breach, and now it’s been hit with eight different lawsuits from banks, credit unions, and customers who say Arby’s failed to keep their data safe from hackers, the New York Times reports.

The breach is thought to have occurred sometime between October 2016 and January 2017 and included data from more than 350,000 customer debit and credit cards, according to cybersecurity expert Brian Krebs, who first reported on the breach. The incident only affected Arby’s corporate-owned stores, not franchise locations. (Corporate-owned stores make up approximately one-third of the company’s 3,000-plus U.S. stores.) According to one of the suits, hackers installed malware at cash registers that enabled them to remotely obtain customer credit card data.

The chain learned of the data breach in January but was asked by the FBI not to publicize the incident. Per Krebs, “Arby’s said the breach involved malware placed on payment systems,” and the company says said malware has since been “fully contained and eradicated.” Arby’s said in a statement released last month that customers should review their credit card statements and report any unauthorized activity to their bank.

Arby’s certainly isn’t alone in its cybersecurity woes: Other high-profile data breaches in recent years include Wendy’s, Jimmy John's, Rainforest Cafe, Morton's, P.F. Chang's, and Dairy Queen. The chain does not comment on pending litigation.

• Lawsuits: Hackers Stole Customer Data at 1,000 Arby's Stores [New York Times]
• Fast Food Chain Arby’s Acknowledges Breach [Krebs on Security]
• Wendy’s Is Latest Victim of Credit Card Breach [E]
• Been to a Rainforest Cafe Lately? Better Check Your Bank Statement [E]