A customer of P.F. Chang's has accused the restaurant chain that serves Chinese-inspired cuisine of failing to protect millions of customers' credit and debit card information from a recent data breach.
On behalf of himself and all others similarly situated, John Lewert filed a proposed class action lawsuit June 25 in Chicago's federal court against P.F. Chang's China Bistro Inc., alleging it failed to take adequate measures to protect customers’ credit and debit card data from theft and timely disclose the data breach.
Lewert claims while P.F. Changs claims it only found out about the data breach on June 10, two days before it informed customers, he believes the breach likely started in September 2013 and potentially affected nearly seven million customers.
“P.F. Chang’s security failures enabled hackers to steal financial data from within P.F. Chang’s systems and…subsequently make unauthorized purchases on customers’ credit cards and otherwise put class members’ financial information at serious and ongoing risk,” Lewert's suit states.
Represented by Joseph J. Siprut, Gregg M. Barbakoff and Gregory W. Jones of Siprut P.C. in Chicago, Lewert alleges breach of implied contract, and violations of the Illinois Consumer Fraud and Deceptive Business Practices Act.
Lewert asserts he used a debit card to make a purchase at the P.F. Chang’s in Northbrook on April 3. As a result, he contends, he entered into an implied contract with P.F. Chang’s for the adequate protection of his debit card information, and then had his sensitive financial information exposed as a result of P.F. Chang’s inadequate security.
He further contends the hackers continue to use the information they obtained as a result of P.F. Chang’s inadequate security to exploit and injure him, as well as other members of the potential class located across the nation.
The suit alleges the security breach was caused and enabled by P.F. Chang’s knowing “violation of its obligations to abide by best practices and industry standards in protecting customers’ personal information.”
“P.F. Chang’s failed to comply with security standards and allowed their customers’ financial information to be compromised, all in an effort to save money by cutting corners on security measures that could have prevented or mitigated the security breach that occurred,” Lewert asserts in his suit.
The chain, according to the suit, also failed to disclose the extent of the security breach and notify its affected customers in a timely manner.
In seeking compensatory and punitive damages, as well as pre-and post- judgment interest, Lewert's suit states P.F. Chang’s customers were injured by the data breach because they suffered monetary losses associated with unauthorized bank account withdrawals and costs associated with identity theft.
The suit seeks certification of two proposed classes: one for anyone living in the U.S. who used a debit or credit card to make purchases at a P.F. Chang's restaurant between Sept. 18, 2013 and June 10, 2014, and another for anyone who did so and lives in states with consumer fraud laws, like Illinois.
Lewert's suit has been assigned to U.S. District Judge John Darrah.
P.F. Chang's Bistro Inc. is a Delaware corporation that owns and operates more than 200 restaurants in the U.S. under its Bistro brand, as well as 170 more under its Pei Wei brand, according to the recently-filed suit.
P.F. Chang's is the latest corporation facing lawsuits over a date breach. In January, Neiman Marcus and Michaels Stores Inc. were accused of failing to take reasonable precautions to safeguard their customers’ credit and debit card data.
And in December, lawsuits were filed against Target following a major data breach that occurred over the Christmas-shopping period last year. The U.S. Judicial Panel on Multidistrict Litigation consolidated class action lawsuits over the Target breach in April and assigned the matter to a Minnesota federal court.
This story was first posted on LegalNewsline.