Five Guys Hit with Class Action Over September 2022 Data Breach [UPDATE]
Last Updated on February 29, 2024
Turner v. Five Guys Enterprises, LLC
Filed: January 11, 2023 ◆§ 1:23-cv-00040
A class action claims Five Guys failed to prevent a 2022 data breach that exposed personal information belonging to thousands of job applicants and current and former employees.
February 29, 2024 – Five Guys Data Breach Settlement Website Is Live
The official website for the Five Guys data breach settlement is live and can be found at FGDataSettlement.com.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
The deadline to file a claim online or by mail is May 6, 2024. To submit a claim online, visit this page and enter the notice ID and confirmation code you received in your personalized settlement notice.
If you did not receive a Five Guys data breach settlement notice but believe you are a settlement class member, the website instructs you to call 1-833-657-4055 to verify your identity and receive further information on how to file a claim.
Class members can also download a claim form and send it in by mail to the address found on this page.
Payments will be distributed to those who submit a timely, valid claim after the deal receives final approval from the court and any appeals or objections are resolved. A final approval hearing is scheduled to take place on July 12, 2024.
More details on the deal, including what kind of benefits it will provide, can be found in the update below.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
January 17, 2024 – $700K Five Guys Data Breach Lawsuit Settlement Approved by Federal Judge
A proposed settlement whereby Five Guys agreed to pay $700,000 to resolve the suit detailed on this page and several related data breach cases was preliminarily approved by the court on January 4, 2024.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The deal covers anyone to whom Five Guys sent a notice of the security incident—estimated to be nearly 38,000 people, the settlement agreement says.
The plaintiffs first notified the court of the agreement with Five Guys and filed an unopposed motion and attendant memo detailing the terms of the deal on December 21, 2023. The parties now await final approval of the settlement terms from United States District Judge Claude M. Hilton.
According to the settlement agreement, Five Guys will pay $700,000, which will be distributed among eligible class members who file timely, valid claims. The judge’s 10-page preliminary approval order notes that, to receive a share of the settlement fund, a class member must file a claim form online or by mail by May 6, 2024.
Per the agreement, eligible class members may submit a claim for “ordinary” out-of-pocket losses—that is, costs incurred since September 17, 2022 in response to and as a result of notice of the data breach—for up to $400 per person. These class members may also submit a claim for up to four hours of time spent remedying issues related to the incident, at a rate of $25 per hour, the document shares.
In addition, the agreement states that individuals who believe they have suffered identity theft, fraud or other serious damages not covered by the “ordinary” reimbursement category since September 17, 2022 may submit a claim for “extraordinary” out-of-pocket losses, for up to $6,500 per individual. The document further relays that these class members can submit a claim for up to three additional hours of time spent remedying issues related to the Five Guys data breach, at the same $25-per-hour rate.
In lieu of reimbursement for out-of-pocket losses, consumers may choose to receive a cash payment of $150, the settlement agreement says. Per the document, class members in California can also make a claim for an additional cash payment of $100, on top of any other relief. All payments will be increased or decreased on a pro rata basis, the agreement adds.
As part of the deal, and in addition to all other forms of relief, class members can elect to enroll in two years of identity theft protection and credit monitoring services. Five Guys has also agreed to maintain certain cybersecurity protocols and declare any business practice changes implemented following the data breach for a period of three years, the document says.
A final approval hearing is scheduled for July 12, 2024. Per the judge’s order, notice of the settlement will be sent out to class members by February 5.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
A proposed class action claims burger restaurant chain Five Guys failed to prevent a September 2022 data breach that exposed personally identifiable information belonging to thousands of job applicants and current and former employees.
The 38-page case alleges Five Guys failed to properly secure and safeguard sensitive data stored on its network and allowed an unknown actor to access files containing employees’ and applicants’ unencrypted names and Social Security numbers on September 17 of last year. Per the suit, Five Guys left itself vulnerable to the cyberattack by failing to comply with minimum industry standards for cybersecurity, even though it is a large, “sophisticated enterprise” with the resources to invest in adequate data security measures.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
Moreover, the case says, a substantial increase in data breaches in recent years, especially at other industry-leading companies, should have motivated Five Guys to better protect its electronic records.
As a result of the data breach, victims now face a lifetime risk of identity theft, as well as “anxiety, emotional distress, loss of privacy,” and out-of-pocket expenses associated with fraud and abuse, the complaint contends. The case also stresses that victims’ information may be traded on the cyber black market, where stolen identity credentials are in high demand, and consequential fraudulent activities may not transpire for years.
The lawsuit also explains that the harm done to victims has been exacerbated by Five Guys’ slow disclosure of the incident. The suit says that Five Guys learned of the data breach on September 17 but did not notify victims or the proper authorities until three months later, on December 29. Although Five Guys admitted that the compromised files had been “improperly stored,” the letter did not mention the root cause of the breach or which specific vulnerabilities had been exploited, the filing alleges.
According to the complaint, Five Guys has offered affected individuals one year of credit monitoring and identity theft protection, which they must enroll in by March 29, 2023.
“In offering such identity monitoring services Defendant recognized Plaintiff’s and Class Members’ need to protect their identities as a result of the Data Breach, yet, the offered services are inadequate to protect Plaintiff and Class Members from the threats they face presently and for years to come, particularly in light of the sensitive [personally identifiable information] at issue here,” the case reads.
The lawsuit looks to represent anyone in the United States whose personally identifiable information was compromised in the data breach first announced by Five Guys on or about December 29, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.