Tag: Charlotte data breach

A North Carolina federal judge has tossed out a proposed class-action lawsuit by former Bojangles employees who claim the Charlotte-based fast-food chain failed to protect their personal information from a February 2024 data breach.

Judge Kenneth Bell dismissed the complaint on Tuesday, which was filed by nine employees in January in the U.S. District Court for the Western District of North Carolina in Charlotte.

The data breach occurred last year between Feb. 19 and March 12, exposing data of thousands of current and former employees, such as names, social security numbers, driver’s license numbers, and health information.

After Bojangles discovered the breach, the plaintiffs claimed the company kept employees “in the dark” by notifying them on Nov. 19, which was 274 days after the data breach began. This delay provided limited time for them to protect their personal information, they argued.

A group of cybercriminals, identified as “Hunters,” obtained 387,025 files and more than 290 gigabytes worth of information, according to the lawsuit.

The nine plaintiffs, from the Carolinas, Tennessee, and Texas, said that on behalf of other employees impacted by the incident, they suffered damages including identity theft, emotional distress, and loss of money for credit monitoring. One plaintiff claimed their debit card was allegedly used for $80 in fraudulent charges.

Bojangles offered credit monitoring and identity restoration services to employees for a year after the incident.

The former employees sought monetary damages and a court order requiring Bojangles to strengthen its data security to better protect their personal information. Plaintiffs demanded a jury trial to obtain compensation for damages and cover legal costs.

But that request was denied after Bell granted Bojangles’ motion to dismiss the case. Bell concluded that the plaintiffs failed to show that their data was misused as a result of the breach. The court relied on the Supreme Court decision in TransUnion LLC v. Ramirez, which requires each person suing to prove they were actually harmed.

The court also ruled that claims such as fear about possible identity theft, an increase in spam calls or emails not clearly linked to the breach, and time spent or stress caused by the incident were not sufficient to allow the lawsuit to proceed.

Lawyers for the plaintiffs did not respond to a request for comment as of Thursday.

Bojangles declined to provide a comment about the case.

The chain, known for its Southern chicken and biscuits, was founded in 1977 and has more than 800 restaurants across the U.S. and a location in Honduras, according to its website.