One Michigan credit union announced they are temporarily declining any use of its credit and debit cards at Wendy’s restaurants.
The $301-million Jackson, Mich.-based American 1 Credit Union stated that this new policy will go into effect on October 3 until further notice.
“While Wendy’s has reported that the malware responsible for the cyberattacks has been disabled at all franchise locations affected by the data breach, community members have still been reporting fraudulent activity on their accounts, even after reissuance of their debit or credit card. Therefore, in order to protect member accounts, the credit union made the decision to decline all credit and debit card transactions at any Wendy’s location until further notice,” the credit union stated in a blog.
American 1 Credit Union’s revealed total losses to date, due to the Wendy’s cyberattack, are equal to the losses taken with the 2014 Home Depot data breach and continue to grow. During the Home Depot cyberattacks, American 1 reissued over 4,200 cards and paid for 89% of member losses out of pocket.
The Wendy’s cyberattacks resulted in the compromise of more than 18,000 of American 1’s 47,000 issued cards. “The amount of stolen money American 1 has already returned to its members is just shy of the amount returned in the Home Depot cyberattacks, with additional disputes being resolved daily,” the credit union disclosed.
According to CUNA, industry sources estimated the tab of fraudulent charges stemming from the Wendy’s breach are larger than the Target and Home Depot incidents, which cost credit unions more than $90 million combined.
“When malicious cyberattacks, like the recent attack on Wendy’s occur, there are many victims,” David Puckett, CEO of American 1 said in blog posting. “Not only are the cardholders’ assets put at risk, but the financial institutions that issued the cards are left to foot the bill of any resulting theft.”
In May, the Dublin, Ohio-based, fast food chain said it believed that the hack compromised only about 300 of its franchises. Then in June, Wendy’s confirmed the data breach of customer payment-card data at 1,025 of its restaurants nationwide dating back to the fall 2015.
In June, the Michigan Credit Union League, its members, and CUNA advocated for stronger merchants and card network accountability after the breach forced several credit unions to cover associated costs. CUNA also announced it was also joining a data breach lawsuit against the restaurant chain.
NAFCU President/CEO Dan Berger issued a statement in light of Wendy’s announcement: “Congress must act to implement national data security standards for retailers. Without these standards, essentially every time consumers use their credit or debit card they are gambling to see when their data will be breached, not if.”
