BreachExchange mailing list archives
MA Data Breach Law Action
From: Henry Brown <hbrown () knology net>
Date: Wed, 30 Mar 2011 12:45:24 -0500
From Threat Post http://goo.gl/hSYqb UPDATE: A Massachusetts restaurant chain was the first company fined under the state's toughest in the nation data breach law and will have to pay $110,000 in penalties, according to a statement by the Massachusetts Attorney General. The Briar Group LLC entered into a settlement with Massachsuetts Attorney General Martha Coakley over allegations that the chain failed to protect patrons' personal information. The case stemmed from an April, 2009 incident in which a malicious program installed on Briar's computer systems allowed unknown hackers to access customers' credit and debit card information. That malicious code wasn't detected and removed until December, 2009, according to a statement from the Attorney General. In the wake of the breach, the company - which owns and operates a number of bars and restaurants in the Boston area - didn't take reasonable steps to secure its infrastructure. Briar Group failed to change employee login information for point of sale terminals and continued to accept credit and debit cards from customers even after it learned of the breach. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- MA Data Breach Law Action Henry Brown (Mar 30)