We have previously discussed the class action case filed against Wendy’s as a result of a data breach [view related post]. The case was initially dismissed based upon lack of standing, but the plaintiffs were given the opportunity to amend the Complaint. After the filing of the Amended Complaint, Wendy’s filed a Motion to Dismiss.

On March 21, 2017, the Court dismissed some of the claims, but found that the plaintiffs were able to demonstrate injury to prove standing because the named plaintiff could show that he had to pay a $3 late fee when he was unable to pay his utility bill on time because of the data breach. Six additional plaintiffs were added who allege that their payment card data and personal information was compromised and as a result, they suffered actual harm when they were unable to cash in reward points or cash-back rewards while they waited for replacement cards to be issued.

The Judge found that these allegations were “injuries sufficient at this stage to plead standing” and that they were particularized and concrete injuries to allow the case to move forward.

The Judge also allowed the plaintiffs’ negligence and breach of implied contract claims to move forward. The Judge didn’t buy the plaintiffs’ allegations of violations of the consumer protection laws of Florida, New York, New Jersey, Mississippi, Tennessee and Texas, the Court dismissed them, but is allowing the plaintiffs to replead the consumer protection claims.

In a parting shot, the Court stated: “[T]he privacy of consumers remains extremely important, and retailers such as Wendy’s need to be held accountable to consumers when they accept and store important private information of consumers, and then fail to protect that information [from] hackers who seek to exploit the information for their own illicit gain.”