From fraudulent charges to frozen accounts, thousands of Michiganders dealt with the fallout from the massive data breach at Wendy’s restaurants. And so did their financial institutions, which is why the state’s credit unions say they’re fighting back.
The Michigan Credit Union League has joined a class-action lawsuit against Wendy’s, alleging the crisis was due to poor security measures and a slow response to the breach.
Ken Ross, executive vice president of the Michigan Credit Union League, said the suit is just the first step. He explained that, when it comes to financial transactions, credit unions and banks are held to a high security standard, but there’s a weak link in the chain.
“There’s simply no similar requirements that exist for retailers, and that’s really the source of the problems, is that retailers don’t have the protections in place to protect their customer data,” he said.
Federal legislation is pending that would hold retailers accountable for data breaches and require them to provide prompt notification when a breach occurs. Ross said similar data breaches at Target and Home Depot stores in 2013 and 2014 cost Michigan credit unions nearly $4.5 million, including reissuing new cards and refunding members’ lost money.
Ross said the current situation is not only costly, it’s creating unnecessary confusion and frustration all around.
“At the end of the day, what a consumer sees is, ‘Oh, my financial institution must have screwed up because they’re sending me a new card,’” he explained. “And they somehow think that the credit union or bank is the one at fault, when in fact they’re just responding to a breach that occurred at a retailer.”
He added that it is critical for consumers to stay vigilant and monitor their card statements and credit reports.
Wendy’s has apologized for the breach, which affected customers between December of 2015 and June of this year, and offered one year of fraud protection and identity restoration services for those affected.