Continuing the trend of filing a shareholders derivative suit following a data breach, a Wendy’s shareholder recently filed a derivative suit against Wendy’s executives and board members alleging they did not adequately protect data from a breach.
According to the suit, the executives and board members breached their fiduciary obligations to the shareholders by making poor security decisions, failing to implement effective internal data security practices and failing to properly report the scope of the data breach.
The suit criticizes the implementation of the Aloha point-of-sale system which it alleges was inadequate and full of vulnerabilities.
The suit criticized Wendy’s transparency about the breach. Although the breach was disclosed in January but didn’t report on how many stores were impacted until May. At that time, it reported that the breach affected 300 Wendy’s franchises. That estimate was then increased to 1,025 in July.
The suit complains that as a result of the lax security measures, Wendy’s has wasted corporate assets by incurring liability for legal costs, penalties, fines and fees to defend lawsuits. Several proposed class action suits have been filed against Wendy’s since the breach.
The suit also alleges that defendants wasted corporate assets and that they unjustly enriched themselves and seeks an accounting disgorgement of profits and benefits earned by the defendants.
The suit seeks an order requiring Wendy’s to reform its corporate governance and data security practices.