BreachExchange mailing list archives

MA Data Breach Law Action


From: Henry Brown <hbrown () knology net>
Date: Wed, 30 Mar 2011 12:45:24 -0500

  From Threat Post http://goo.gl/hSYqb

UPDATE: A Massachusetts restaurant chain was the first company fined 
under the state's toughest-in-the-nation data breach law and will have 
to pay $110,000 in penalties, according to a statement by the 
Massachusetts Attorney General. The Briar Group LLC entered into a 
settlement with Massachusetts Attorney General Martha Coakley over 
allegations that the chain failed to protect patrons' personal 
information. The case stemmed from an April, 2009 incident in which a 
malicious program installed on Briar's computer systems allowed unknown 
hackers to access customers' credit and debit card information. That 
malicious code wasn't detected and removed until December, 2009, 
according to a statement from the Attorney General.

In the wake of the breach, the company - which owns and operates a 
number of bars and restaurants in the Boston area - didn't take 
reasonable steps to secure its infrastructure. Briar Group failed to 
change employee login information for point of sale terminals and 
continued to accept credit and debit cards from customers even after it 
learned of the breach.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
