Captiva MVP Restaurant Partners, LLC, which operates PDQ restaurants, is the defendant in a proposed class action lawsuit alleging that the restaurant was negligent in protecting consumer data, leading to a months-long security breach where payment card data was stolen by hackers. Customers who made payment card purchases at PDQ restaurants between May 19, 2017 and April 20, 2018 were made vulnerable due to an undetected hacker, the suit says. As a result of the security breach, customers’ financial information was stolen.
The vulnerability of point-of-sale (POS) systems is well-known in the retail and restaurant industries due to companies suffering widespread security breaches in the past several years, the complaint says. As a result, federal and state governments have recommended security measures for businesses to adhere to while technology evolves. For example, the Federal Trade Commission recommends that companies use complex passwords and regularly monitor for suspicious activity, the suit notes. The case argues that PDQ was negligent and reckless because it could have prevented the security breach by adapting to new data security standards. The plaintiff further alleges that PDQ's failure to adopt newer, safer technology was a financially driven decision.
The plaintiff seeks compensation for damages such as unauthorized charges, theft of personal information, and loss of productivity.