The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Massachusetts AG Announces $110,000 Settlement in Restaurant Data Breach

Leave a comment

Yesterday, that Massachusetts Attorney General’s Office announced a settlement with the Briar Group LLC, which operates several restaurants and bars including The Lenox, MJ O’Connor’s, Ned Devine’s, The Green Briar, and The Harp in the Boston area, to resolve allegations that the Briar Group failed to take reasonable steps to protect its patrons’ personal information. 

The complaint alleges that the restaurant group suffered a data breach in April 2009.  Hackers were able to access customers’ credit and debit card information, including names and account numbers, through malcode that was installed on the Briar Group’s computer systems.  The malcode was not removed until December 2009.  The complaint also alleges that the Briar Group had insufficient security protections in place, such as allowing multiple employees to share commons usernames and passwords and failing to properly secure its wireless network.

The settlement requires (1) a payment to the Commonwealth of $110,000 in civil penalties; (2) compliance with Massachusetts data security regulations; (3) compliance with Payment Card Industry Data Security Standards; and (4) the establishment and maintenance of an enhanced computer network security system.

Author: Heather Enlow-Novitsky

VP, Assistant General Counsel, Bank of America Merchant Services

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s