Hackers broke into Wendy’s computer systems and stole data from potentially millions of cards used at its restaurants between 22 October 2015 and 10 March 2016.

Now, according to the Courthouse News Service, Pittsburgh-based First Choice Federal Credit Union has filed a suit on behalf of banks with affected customers claiming that the burger chain “refused to take steps to adequately protect its computer systems from intrusion.”

The suit claims that Wendy’s used outdated computer and credit card systems and did not meet data security-related regulations and guidelines set by several federal agencies. Among the failures listed is missing the October 2015 deadline for migrating to EMV.

“Despite the growing threat of computer system intrusion, Wendy’s systematically failed to comply with industry standards and protect payment card and customer data,” says the suit.

“As a result of Wendy’s data breach, plaintiff and class members have been forced to cancel and reissue payment cards, change or close accounts, notify customers that their cards were compromised, investigate claims of fraudulent activity, refund fraudulent charges, increase fraudulent monitoring on potentially impacted accounts, and take other steps to protect themselves and their customers.”