Arby’s Franchisee Data Breach Lawsuit Says Thousands of Current, Former Employees Impacted by 2024 Cyberattack

New to ClassAction.org? Read our Newswire Disclaimer

An Arby’s franchisee faces a proposed class action lawsuit that alleges the restaurant “lost control over its computer network” in March 2024 amid a “foreseeable” data breach believed to have impacted thousands of current and former employees.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 28-page Arby’s data breach lawsuit against franchisee DRM, Inc. says the company, after an internal investigation, learned that current and former employees’ names, Social Security numbers, driver’s license numbers, passport numbers and workers’ comp details were among the information accessed without authorization.

Though the cyberattack reportedly occurred around March 12 of this year, the Arby’s franchisee waited until roughly April 17, more than a month later, to notify data breach victims, the filing says. In its data breach notice, DRM “obfuscated” the nature of the incident, as it refused to disclose to employees how many people were impacted, how the breach happened, or why it took more than a month for the company to notify victims, the lawsuit says.

The case blames the Arby’s franchisee data breach on “negligence and inadequate cyber security [sic] measures” on the restaurant’s part, as it allegedly failed to safeguard the employee data it collects and maintains.

“The exposure of one’s [personal information] to cybercriminals is a bell that cannot be unrung,” the complaint reads. “Before the Data Breach, the private information of Plaintiff and the Class was exactly that—private. Not anymore. Now, their private information is permanently exposed and unsecure.”

According to the suit, the Arby’s franchisee's cyber and data security systems were “completely inadequate” to keep intruders out. Though it mentioned in its notice that it would reinforce its cybersecurity practices and review its systems going forward, the Arby’s franchisee has failed to expand on the apparent enhancements and reinforcements it claims it will implement, the complaint says.

The case stresses that even with the offer of several months of credit monitoring services, Arby’s data breach victims still face a significant risk of identity theft and fraudulent activity.

A representative from Inspire Brands has informed ClassAction.org that no corporate Arby's locations were impacted by the data breach.

The Arby’s data breach lawsuit looks to cover all United States residents whose personally identifiable information was compromised in the Arby’s franchisee data breach, including all those who received notice about the incident.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.