Wednesday, April 27, 2011

Privacy breach case is settled - Restaurant group to pay Mass. $110,000

The Briar Group, which runs Ned Devine’s, the Green Briar, the Lenox,
and other popular restaurants, has agreed to pay $110,000 to resolve
allegations that the Boston chain failed to take reasonable steps to
protect diners’ personal information and put at risk tens of thousands
of credit and debit card accounts.

The settlement stems from a lawsuit filed by Massachusetts Attorney
General Martha Coakley over a data breach the Briar Group suffered in
April 2009. Briar’s failure to implement basic data security measures
enabled hackers to access customers’ credit and debit card
information, including names and account numbers, according to the
lawsuit. The hackers’ malware — malicious software designed to
infiltrate computer systems — that caused the security problems was
not removed from the company’s computers until December 2009.

The lawsuit filed in Suffolk Superior Court also alleges that the
Briar Group failed to change default usernames and passwords on its
point-of-sale computer system; allowed multiple employees to share
common usernames and passwords; failed to properly secure its remote
access utilities and wireless network; and continued to accept credit
and debit cards from consumers after Briar knew of the data breach.

“The Briar Group is committed to high-quality customer service at all
of our restaurants. We take the security of our customers’ credit card
information very seriously and therefore respond aggressively to any
concerns that are brought to our attention,” the restaurant chain
said in a statement. “We believe the agreement we have entered into
with the attorney general’s office achieves our shared goal of
ensuring that our customers can use their credit cards with confidence
in the security of their data.”

But the Briar Group added in its statement that it believes the chain
acted immediately once it was informed of the possible breach.

“We took immediate and aggressive action steps, including: informing
the major credit card companies of the potential breach, working with
the nation’s leading data security company to identify any weaknesses
in our data systems and make system upgrades to further secure
customer data and cooperating with a federal investigation into this
matter,” the statement said. “We are confident that customers dining
at one of our restaurants can safely use their credit cards.”

Under the terms of the settlement, the Briar Group must pay the
Commonwealth $110,000 in civil penalties; comply with state data
security regulations and Payment Card Industry Data Security
Standards; and maintain an enhanced computer network security system.

“When consumers use their credit and debit cards at Massachusetts
establishments, they have an expectation that their personal
information will be properly protected,” Coakley said in a statement.
“In addition to the payment, this agreement also works to ensure that
steps have been taken to protect consumer information moving
forward.”
