Honolulu Star-Advertiser

Wednesday, December 4, 2024 81° Today's Paper


Hawaii NewsTop News

Zippy’s settles class-action lawsuit over data breach

STAR-ADVERTISER / 2012

A Zippy’s restaurant on Vineyard Boulevard.

Zippy’s Restaurants has settled a class-action lawsuit involving a breach of credit and debit card systems over four months from Nov. 23, 2017 to March 29.

The company alerted its customers April 27 of the data breach at its 25 restaurants, Napoleon’s Bakery, Kahala Sushi and Pearl City Sushi locations. It also said cards used to buy drinks at Dole Cannery Pomaikai Ballrooms also may have been affected.

Two people, who say they were victims of fraudulent charges after the breach, filed the complaint against Zippy’s owner FCH Enterprises Inc.

Oahu resident Joshua Bokelman said in the lawsuit that he used his debit card nearly exclusively at Zippy’s Express in the Waimalu Shopping Center and incurred more than $300 in fraudulent debit card charges since the breach. Suchandra Thapa of Illinois said he used his credit card at Zippy’s McCully on Feb. 4 and fraudulent charges appeared 17 days later.

An investigation by the Federal Bureau of Investigation discovered that FIN7, an international criminal group responsible for hacking national restaurants and retailers, had accessed card information from the popular local restaurant chain.

Zippy’s said it has improved system security and monitoring of payment processing, among other changes, to prevent a future incident.

“Zippy’s is committed to making things right for our customers impacted by this incident,” said Paul Yokota, president of FCH Enterprises, in a news release. “While we’re grateful that no personal information was exposed in the attack, we continue to recommend that customers closely monitor their credit or debit card statements, and immediately contact their bank or financial institution if they identify any suspicious activity.”

U.S. customers who used a credit or debit card during the breach period may file a claim. The amount paid depends on whether patrons can prove unauthorized charges “plausibly connected to the security incident” and on how many people submit valid claims.

Following the deadline to submit a claim on June 2, Zippy’s will donate any unclaimed settlement funds to Cyber Hawaii, a local nonprofit that works to mitigate cyber risk. For more information or to file a claim go to zippyssettlement.com or call 888-906-2033.

By participating in online discussions you acknowledge that you have agreed to the Terms of Service. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. If your comments are inappropriate, you may be banned from posting. Report comments if you believe they do not follow our guidelines. Having trouble with comments? Learn more here.