Restaurant Chain Must Pay $110,000 for Data Breach
A Boston-area restaurant company was fined $110,000 for failing to patch a security hole that resulted in the electronic theft of credit card information from tens of thousands of customers. It is the first penalty levied under the state's new data privacy act.
According to a lawsuit filed by Massachusetts Attorney General Martha Coakley, The Briar Group LLC neglected to remove malicious software from its computer systems, an oversight that enabled computer hackers to access customers' credit and debit card data between April Dec. 2009.
When consumers use their credit and debit cards at Massachusetts establishments, they have an expectation that their personal information will be properly protected, Coakley said in a press release. In this instance, the Briar Group did not take proper protections to protect customers' personal information.
The complaint, filed in Suffolk Superior Court, alleged that the Briar Group did not change default usernames and passwords on its point-of-sale computer system, failed to secure its wireless network and continued to accept credit and debit card payments from consumers after the company was aware of the security breach.
In addition to the $110,000 fine, The Briar Group was ordered to develop a security password management system and implement stronger data security measures.
The Briar Group owns and operates several popular Boston bars and restaurants, including The Lenox, Ned Devine's and The Harp. It is the first company to be penalized under Massachusetts' data privacy law 201 CMR 17, which took effect March 1, 2010.
- FBI Probes Hackers Stealing Celebrity Nude Photos
- Tech Travel Tip: Assume Your Devices Will Be Compromised
- Security and Privacy Software Reviews