Scott+Scott Files Lawsuit on Behalf of Financial Institutions Harmed by Arby’s Data Breach

NEW YORK--()--Scott+Scott, Attorneys at Law, LLP (“Scott+Scott”), announces that it has filed a lawsuit on behalf of a putative class of financial institutions that suffered damages as a result of the recently-announced data breach at nationwide locations of Arby’s Restaurant Group, Inc. (“Arby’s”).

In or around October 2016, computer hackers began using malicious software, known as malware, to access point-of-sale systems at Arby’s locations throughout the United States. This data breach lasted through at least January 2017 (and possibly later) when Arby’s first learned of the data breach only after being notified of the breach by industry partners. Arby’s did not publicly acknowledge the breach until February 16, 2017, approximately four months after hackers first gained entry into Arby’s data systems.

Hackers were able to gain entry into Arby’s data systems by exposing substantial weaknesses and vulnerabilities in Arby’s computer and point-of-sale systems by installing malware to extract payment card data from customers’ credit and data cards. In the breach, hackers stole Track 1 and Track 2 data, which normally includes the accountholder’s name, primary account number, expiration date, service code, and verification code.

On behalf of a financial institution, Scott+Scott has filed a class action lawsuit in the Northern District of Georgia, First Choice Federal Credit Union v. Arby’s Restaurant Group, Inc., to recover damages incurred as a result of the data breach at Arby’s. The complaint alleges that the breach was the inevitable result of Arby’s inadequate data security measures and approach to data security. Arby’s data security deficiencies are alleged to have been so significant that hackers were able to install the malware and remain undetected for several months, until outside parties notified Arby’s that its computer and point-of-sale systems had been breached.

To aid consumers whose data may have been stolen, financial institutions have been forced to reissue potentially millions of credit and debit cards. This process, which costs several dollars per card, imposes substantial costs on such financial institutions, who also incur many administrative expenses and overhead charges dealing with monitoring and preventing fraud. These financial institutions must also reimburse fraudulent charges and lose interest and transaction fees.


If you are a financial institution and are interested in learning more about or joining this litigation, please contact attorney Joseph Guglielmo at: (212) 223-6444 or at:


Scott+Scott has significant experience in prosecuting major competition, consumer, securities, and antitrust actions throughout the United States. The firm represents pension funds, foundations, individuals, and other entities worldwide. Scott+Scott has represented financial institutions in other data breach class actions, including those against Target, Home Depot, Wendy’s, K-Mart, and MAPCO.


Scott+Scott, Attorneys at Law, LLP
Michael Burnett, 800-404-7770

Recent Stories

RSS feed for Scott+Scott, Attorneys at Law, LLP