Yesterday, that Massachusetts Attorney General’s Office announced a settlement with the Briar Group LLC, which operates several restaurants and bars including The Lenox, MJ O’Connor’s, Ned Devine’s, The Green Briar, and The Harp in the Boston area, to resolve allegations that the Briar Group failed to take reasonable steps to protect its patrons’ personal information.
The complaint alleges that the restaurant group suffered a data breach in April 2009. Hackers were able to access customers’ credit and debit card information, including names and account numbers, through malcode that was installed on the Briar Group’s computer systems. The malcode was not removed until December 2009. The complaint also alleges that the Briar Group had insufficient security protections in place, such as allowing multiple employees to share commons usernames and passwords and failing to properly secure its wireless network.
The settlement requires (1) a payment to the Commonwealth of $110,000 in civil penalties; (2) compliance with Massachusetts data security regulations; (3) compliance with Payment Card Industry Data Security Standards; and (4) the establishment and maintenance of an enhanced computer network security system.