Expensive Dish!

The Massachusetts Attorney General's Office issued a press release, outlining the details of its data breach settlement agreement with The Briar Group, which owns and operates a number of popular Boston-area restaurants:

According to the lawsuit, filed in Suffolk Superior Court, the Briar Group experienced a data breach in April 2009, when malcode that was installed on Briar’s computer systems allowed hackers access to customers’ credit and debit card information, including names and account numbers. The malcode was not removed from the Briar Group’s computers until December 2009.

The judgment, signed on March 28, 2011, by Suffolk Superior Court Judge Giles, requires a payment to the Commonwealth of $110,000 in civil penalties; compliance with Massachusetts data security regulations; compliance with Payment Card Industry Data Security Standards; and the establishment and maintenance of an enhanced computer network security system. Although the data breach occurred prior to the effective date of the Massachusetts data security regulations, the data security standards set forth in the regulations were used in the settlement.

It's pretty interesting that the settlement terms were based on the current laws that weren't in place at the time of the breach. Just imagine if MA 201 CMR 17 was in effect! At a potential penalty of $5000 per record, I'd bet The Briar Group probably would have ended up dishing out more than the $110,000 that they settled with...