Wawa Faces Credit Card Class Actions Over Data Breach
The new group of lawsuits filed by financial entities add to the growing consumer-focused litigation that is also pending in the Eastern District of Pennsylvania federal court.
February 11, 2020 at 02:57 PM
4 minute read
The original version of this story was published on The Legal Intelligencer
As customers continue to file lawsuits against the convenience store chain Wawa over a data breach it experienced last year, credit card companies have begun filing class action lawsuits of their own over the hack that exposed payment card information from users at potentially all of the company's locations.
Since January, attorneys from the Pittsburgh data privacy boutique Carlson Lynch have filed three class action lawsuits in the U.S. District Court for the Eastern District of Pennsylvania, alleging that the Delaware County, Pennsylvania-based company negligently failed to protect its payment card data. In their complaints, the plaintiff-companies, Inspire Federal Credit Union, First Choice Federal Credit Union and Greater Cincinnati Credit Union, argued that they hold the ultimate burden of resolving the problems that Wawa consumers may now face.
"As a result of the Wawa data breach, plaintiff and class members are required, and will continue to be required, to cancel and reissue payment cards, change or close accounts, notify members/customers that their cards were compromised, investigate claims of fraudulent activity, refund fraudulent charges, increase fraud monitoring on potentially impacted accounts, and take other steps to protect themselves and their members/customers," Cincinnati Credit Union said in its complaint, which was filed Feb. 7. "Plaintiffs and members of the class also lost or will lose interest and transaction fees due to reduced card usage. Furthermore, debit and credit cards belonging to plaintiff and class members—as well as the account numbers on the face of the cards—were devalued."
Carlson Lynch attorney Gary Lynch filed the lawsuits. Lynch is on the steering committee in the class actions brought against Marriott Inc.'s data breach and played a lead role in convincing the Pennsylvania Supreme Court that companies have a common-law duty to protect their electronically stored employee data in Dittman v. UPMC.
Lynch said he has represented dozens of other financial institutions who have sued over prior data breaches, and has been in talks with those companies about the Wawa breach.
"If there are financial institutions that want to be class representatives, we will add them as appropriate," he said. "We are in discussions with other financial institutions who may be interested in joining the lawsuit."
Although only Lynch filed the Greater Cincinnati Credit Union's suit, on the Inspire Federal Credit Union suit, Lynch was joined by attorneys from Lowey Dannenberg in White Plains, New York; The Coffman Law Firm in Beaumont, Texas; Levin Sedran & Berman and Golomb & Honik in Philadelphia; and the firms Lockridge Grindal Nauen and Chestnut Cambronne in Minneapolis.
The new group of lawsuits filed by financial entities add to the growing consumer-focused litigation that is also pending in the Eastern District of Pennsylvania federal court.
The first lawsuits over the data breach began to be filed Dec. 20—the day after Wawa's CEO said in an open letter there had been a breach of the company card payment data. According to the letter, malware that had been active since March was discovered Dec. 10, and the company contained it by Dec. 12. The letter said the malware potentially exposed payment card information from customers at all Wawa locations, including credit and debit card numbers, expiration dates and names.
The suits brought by the financial institutions said Wawa refused to implement best practices, or upgrade critical security, and argued that, with the rise of high-profile data breaches at other chains like Wendy's and The Home Depot, it should have been aware of the need for increased data security. The companies also contended that Wawa failed to comply with the Federal Trade Commission's requirements, or the minimum security standards outlined by the Payment Card Industry Security Standards Council.
According to Lynch, historically, in data breach cases, the suits brought by financial institutions are put on a separate track from those that are brought by consumers.
Lynch, who has handled data breach cases since the hack of retail giant Target in 2013, also said the Wawa case is unique in that the customers are geographically concentrated, and the hack involved swipe point of sale machines, rather than machines that used chip technology, which, he said, could affect the damages.
No attorneys have entered their appearances yet on behalf of Wawa in the suits brought by either Inspire Federal Credit Union or Greater Cincinnati Credit Union, but, in the consumer class actions, Ezra Church at Morgan, Lewis & Bockius is representing the company. Church did not return a call seeking comment.
Wawa is incorporated in New Jersey.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLitigators of the Week: After a 74-Day Trial, Shook Fends Off Claims From Artist’s Heirs Against UMB Bank
An ‘Indiana Jones Moment’: Mayer Brown’s John Nadolenco and Kelly Kramer on the 10-Year Legal Saga of the Bahia Emerald
‘It's Your Funeral’: Avoiding Doing Damage to Your Client’s Case With Uncivil Behavior
Law Firms Mentioned
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250