XML 29 R17.htm IDEA: XBRL DOCUMENT v3.8.0.1
Commitments and Contingencies
 3 Months Ended
Apr. 03, 2018
Commitments and Contingencies Disclosure [Abstract]  
Commitments and Contingencies Commitments and Contingencies
Data Security Incident
Overview
On June 28, 2016, the Company announced that a data security incident compromised the security of the payment information of some customers who used debit or credit cards at certain Noodles & Company locations between January 31, 2016 and June 2, 2016. The malware involved in the incident has been removed, and the Company believes that it no longer poses a risk to credit or debit cards currently being used at affected locations. The Company continues to implement additional security procedures to further secure customers’ debit and credit card information.
Card Company Assessments
In the fourth quarter of 2016, the Company recorded a charge of $10.6 million for estimated losses, at the low end of an estimated range, associated with claims and anticipated claims by payment card companies for non-ordinary course operating expenses, card issuer losses and card replacement costs for which it expects to be liable (the “Data Breach Liabilities”). However, the Company may ultimately be subject to Data Breach Liabilities that are up to $5.5 million greater than that amount.
Fees and Costs
The Company has incurred fees and costs associated with this data security incident, including legal fees, investigative fees, other professional fees and costs of communications with customers. The Company expects to continue to incur significant fees and costs associated with the data security incident in future periods, consisting primarily of liabilities to a payment card company that are not covered by insurance for which the Company has already recorded a charge of $10.6 million of which a portion remains to be paid (see Note 2, Supplemental Financial Information).
Insurance Coverage
As discussed above, to limit its exposure to losses arising from matters such as the data security incident, the Company maintained at the time of the incident and continues to maintain data privacy liability insurance coverage. This coverage, and certain other customary business insurance coverage, has reduced the Company’s exposure related to the data security incident.
General
It is possible that losses associated with the data security incident could have a material adverse effect on the Company’s results of operations in future periods. The Company will continue to evaluate information as it becomes known and will record an estimate for additional losses at the time or times when it is probable that an additional loss, if any, will be incurred and the amount of any such loss is reasonably estimable.
Delaware Gift Card Litigation
As previously disclosed in prior reports filed with the SEC, the Company is named as a defendant in an action filed in the Superior Court of Delaware in New Castle County (the “Court”), entitled The State of Delaware, William French v. Card Compliant, LLC, et. al. The case was filed under seal in June 2013 and was unsealed on March 26, 2014. The complaint in this case alleges that a number of large retailers and restaurant companies, including the Company, knowingly refused to fulfill obligations under Delaware’s Abandoned Property Law by failing to report and deliver “unclaimed gift card funds” to the State of Delaware, and knowingly made, used or caused to be made or used, false statements and records to conceal, avoid or decrease an obligation to pay or transmit money to Delaware in violation of the Delaware False Claims and Reporting Act. The complaint seeks an order that the Company cease and desist from violating the Delaware Abandoned Property Law, monetary damages (including treble damages under the False Claims and Reporting Act), penalties and attorneys’ fees and costs. On November 23, 2015, the Court ruled on a motion to dismiss the complaint. While the Court granted the motion to dismiss with respect to a claim alleging that the defendants intended to defraud the government or willfully concealed property owed to the government and for which a certificate or receipt was provided, it did not dismiss the other claims alleging that the defendants knowingly made false statements to avoid transmitting money to the government. The defendants filed a motion for summary judgment in the case, which was denied on April 30, 2018. The trial date with respect to this matter is now set for September 10, 2018. In 2015 the Company recorded a loss contingency accrual based on a reasonable estimate of the probable losses that might arise from this matter; this loss contingency accrual did not have a material effect on our results of operations. However, the Company may ultimately be subject to greater losses resulting from the litigation. The Company intends to continue to vigorously defend this action.
Other Matters
In the normal course of business, the Company is subject to other proceedings, lawsuits and claims. Such matters are subject to many uncertainties, and outcomes are not predictable with assurance. Consequently, the Company is unable to ascertain the ultimate aggregate amount of monetary liability or financial impact with respect to these matters as of April 3, 2018. These matters could affect the operating results of any one financial reporting period when resolved in future periods. The Company believes that an unfavorable outcome with respect to these matters is remote or a potential range of loss is not material to its consolidated financial statements. Significant increases in the number of these claims, or one or more successful claims that result in greater liabilities than the Company currently anticipates, could materially and adversely affect its business, financial condition, results of operations or cash flows.