follow-up: Restaurant group settles privacy case for $110, 000

[security curmudgeon <jericho () attrition org>]

http://www.boston.com/business/ticker/2011/03/restaurant_grou.html

Restaurant group settles privacy case for $110,000
March 28, 2011 01:10 PM
By Jenn Abelson, Globe Staff

The Briar Group LLC, which runs Ned Devine's, the Green Briar, The Lenox, 
and other popular restaurants, has agreed to pay $110,000 to resolve 
allegations that the Boston chain failed to take reasonable steps to 
protect diners' personal information and put at risk the information on 
tens of thousands of credit and debit cards.

The settlement stems from a lawsuit filed by Massachusetts Attorney 
General Martha Coakley over a data breach the Briar Group suffered in 
April 2009. Malcode was apparently installed on the company's computer 
systems that allowed hackers to access to customers. credit and debit card 
information, including names and account numbers. The malcode was not 
removed from the Briar Group.s computers until December 2009.

The lawsuit filed in Suffolk Superior Court also alleges that the Briar 
Group failed to change default usernames and passwords on its 
point-of-sale computer system; allowed multiple employees to share common 
usernames and passwords; failed to properly secure its remote access 
utilities and wireless network; and continued to accept credit and debit 
cards from consumers after Briar knew of the data breach.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/