Wendy’s has agreed to pay $50 million to settle negligence claims following its 2015-2016 data breach that affected more than 1,000 of the burger chain’s locations.
Payment card data was stolen from victims who purchased food at these locations then used fraudulently at other merchants after malware was installed through a third-party vendor.
The settlement includes attorneys fees and costs. Wendy’s said it would end up paying roughly $27.5 million of its own funds after exhausting insurance, according to the press release.
“With this settlement, we have now reached agreements in principle to resolve all of the outstanding legal matters related to these criminal cyberattacks,” Wendy’s President and CEOTodd Penegor said in the release. “We look forward to putting this behind us so that we can continue to focus on growing the Wendy’s brand.”
Last September, Wendy’s settled a class action lawsuit from customers affected by the breach.
“Point of sale systems are lucrative targets for bad actors,” The Media Trust Digital Security and Operations Manager Mike Bittner told SC Media. “These systems are often outsourced to third parties with weak security postures, and give access to millions of payment card information. When malicious campaigns succeed, bad actors are able to either sell the information on the dark web or commit identity theft themselves.”
Bittner added the fact that Wendy’s has had to settle with financial institutions and consumers shows the growing importance of securing identity and financial information. He explained that consumer privacy laws, both those that have already been enacted as well as those over the horizon, will force business to improve their data protection and privacy capabilities.
Almost always, the bad guys are getting into these large networks with a phishing email as their initial attack vector. Stepping users through new-school security awareness training is a must today.
Cyber security threats continue to proliferate and become more costly to businesses that suffer a data breach.
When it comes to combating these growing risks, most organizations continue to place more trust in technology-based solutions than on training their employees to be more aware of the threat landscape and able to recognize the red flags in cyber breach attempts.
Download this whitepaper below to learn how to best combat these threats including 5 recommended actions you can take to fortify your organization’s last layer of security – your employees.
KnowBe4 is the world’s largest integrated platform for awareness training combined with simulated phishing attack. It was founded in 2010, based in Tampa Bay, Florida. Currently, they have 19,000 customers across the world. The Chief Executive Officer and employees are ex-antivirus, IT security pros. Kevin Mitnick, the man behind and the most famous hacker in America are the Chief Hacking Officer of KnowBe4. KnowBe4 has helped thousands of organizations manage the ongoing problem of social engineering. KnowBe4 has been a winner for two consecutive Inc 500 awards.
Learn more at https://www.knowbe4.com/.