$110,000 Fine Is First Under MA Data Privacy Law

← Back to Stories (view on slashdot.org)

$110,000 Fine Is First Under MA Data Privacy Law

Posted by timothy on Tuesday March 29, 2011 @11:14AM from the good-start dept.

chicksdaddy writes "A Massachusetts restaurant chain was the first company fined under the state's toughest-in-the-nation data breach law, according to a statement by the Massachusetts Attorney General. The Briar Group, which owns a number of bars and restaurants in Boston, is charged with failing to protect patrons' personal information following an April, 2009 malware infestation. It was ordered to pay $110,000 in penalties and, essentially, get its *&@! together. Among the revelations from the settlement: Briar took six months to detect and remove the data stealing malware, continuing to take credit and debit cards from patrons even after learning of the data breach, said Massachusetts Attorney General Martha Coakley."

72 of 97 comments (clear)

Min score:

Reason:

Sort:

That company should move to Texas by Anonymous Coward · 2011-03-29 11:18 · Score: 1

In Texas companies are encouraged to poison and steal from their customers.
Malware, Natural Gas Fracking, Pollution
Rick Perry invites you all to use Texas as a dumping ground for the byproducts of corporate greed.
We've even changed our motto to "Mess with Texas"
1. Re:That company should move to Texas by theillien · 2011-03-29 11:52 · Score: 1
  
  At one point I submitted the suggestion that they change it to "Messed Up Texas", but no one knew what I was talking about.
2. Re:That company should move to Texas by sumdumgai · 2011-03-30 04:50 · Score: 1
  
  We also have a $27 billion budget deficit, a governor that lives in a rented mansion paid for by the taxpayers, a kangaroo court system, and fundamentalist revised history books. Yay Texas!
  
  --
  âoeIn theory, theory and practice are the same. In practice, they are not." â Albert Einstein
Did they use... by taktoa · 2011-03-29 11:24 · Score: 1

Norton Antivirus 2003?
1. Re:Did they use... by taktoa · 2011-03-29 13:20 · Score: 1
  
  Anything that increases Linux market share is nice... besides, Outlook has no place in a business, one could use Gmail (or even a generic webmail) and mitigate the security risk.
2. Re:Did they use... by GameboyRMH · 2011-03-30 00:34 · Score: 2
  
  As much as Outlook sucks major ass, is switching from in-house email to hosted email a positive step for privacy and security?
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
3. Re:Did they use... by GameboyRMH · 2011-03-30 00:40 · Score: 1
  
  Look I'm not going to say Linux is perfect. I'm just going to say that if this business was a Linux environment, malware would be a mostly theoretical threat, like your car spontaneously bursting into flames. Sure it could happen, but...you can be pretty sure it's not gonna happen.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
Lesson... by mysidia · 2011-03-29 11:31 · Score: 1

When visiting a bar or restaurant, bring cash.
Or pre-paid debit card you keep with only a small amount loaded on it.
Minimize the use of CCs and checking/loan-account-linked cards
1. Re:Lesson... by Anonymous Coward · 2011-03-29 11:46 · Score: 1
  
  When visiting a bar or restaurant, bring cash.
  or grocery stores... seriously, walmart, small chains, large chains. It doesn't matter.
  If the point of sale system is maintained by people in the point of sale business.... RUN.
  These guys moved into computers from maintaining hardware registers. my grandmother knows more about data security than most of them.
  The worst part is when they do accidentally hire a computer specialist, they fire them for not "getting it", then get the government/major POS software vendor to throw the book at you for being an "unlicenced/unsupported/competent" support vendor....
  YAY.
2. Re:Lesson... by Anonymous Coward · 2011-03-29 11:47 · Score: 1
  
  Why would I go through all that trouble to protect my bank's liability? My money is not at risk of credit card fraud. The banks have lost several thousand dollars due to poor security that resulted in my accounts being compromised previously. I continue to not take any additional effort towards security when a picture of a piece of plastic is all that's necessary to steal money from them... not my problem.
3. Re:Lesson... by LordNimon · 2011-03-29 11:48 · Score: 4, Insightful
  
  Why should I? If there are any fraudulent charges, my credit card company will reverse them. Constantly reloading a debit card is a big hassle, and carrying around that much cash with me is unsafe.
  
  --
  And the men who hold high places must be the ones who start
  To mold a new reality... closer to the heart
4. Re:Lesson... by Ruke · 2011-03-29 11:50 · Score: 4, Insightful
  
  While it is valuable to keep security in mind, I think that you might be taking it a little over the edge. Despite the fact that identity theft does happen, the rate at which it happens is low enough that the benefit of using credit outweighs the risk of having your identity stolen. Keeping an eye on your bank statements, and immediately contacting your bank in the event that any suspicious charges show up,seems to be much more reasonable strategy for 95% of the population than carrying large amounts of cash.
5. Re:Lesson... by couchslug · 2011-03-29 13:24 · Score: 1
  
  That way your tips have better odds of going to your server.
  Nothing wrong with cash at all.
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
6. Re:Lesson... by cloudmaster · 2011-03-29 13:42 · Score: 1
  
  Depends on the restaurant; some place have each server log in and take the cards so the tip definitely goes to the right place - and their taxes are easier. Other places, where they just have the cheap card reader separate from the register, may not get stuff properly distributed.
7. Re:Lesson... by hldn · 2011-03-29 14:37 · Score: 1
  
  implying i leave tips.
  
  --
  http://www.accountkiller.com/removal-requested
8. Re:Lesson... by Miseph · 2011-03-29 14:59 · Score: 1
  
  You seem to be under the impression that cash tips are generally logged properly such that taxes can be properly paid.
  That's adorable.
  Speaking of which... good news! The Easter Bunny is coming in just a few more days! Get ready for candy!
  
  --
  Try not to take me more seriously than I take myself.
9. Re:Lesson... by cloudmaster · 2011-03-29 17:20 · Score: 1
  
  I meant easier for the government. I pay taxes on /my/ income, so I'll be damned if I'm gonna leave cash for a waiter just so he can cheat on his. Waiters can just learn to cheat their taxes through abusing the complex tax code like the rest of us.
10. Re:Lesson... by mysidia · 2011-03-29 18:09 · Score: 1
  
  You seem to be under the impression that cash tips are generally logged properly such that taxes can be properly paid.
  Failing to log and properly report the tip income is a crime (tax fraud), and unethical. I believe tips are generally logged properly. If you find reason to believe you have found some organization or person who is an exception, to logging tips properly, file IRS form 3949-A, with the appropriate information.
  The law and the stiff penalties for intentionally disobeying it or negligently failing to keep the required records should be enough to ensure people log and report their tips properly. The IRS also has some special rules for food establishments.
  As an employer, you must ensure that the total tip income reported to you during any pay period is, at a minimum, equal to 8% of your total receipts for that period..
  When the total reported to you is less than 8%, you must allocate the difference between the actual tip income reported and 8% of gross receipts.
11. Re:Lesson... by RajivSLK · 2011-03-29 19:30 · Score: 2
  
  The term identity theft makes me laugh ever since I heard this: http://www.youtube.com/watch?v=CS9ptA3Ya9E
12. Re:Lesson... by GameboyRMH · 2011-03-30 00:43 · Score: 1
  
  Minimize the use of CCs and checking/loan-account-linked cards
  
  Also a good idea because you probably have a Visa or Mastercard, in which case using your credit card is like donating to Satan. But a real Satan, who is less metal and more politically influential.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
13. Re:Lesson... by Miseph · 2011-03-31 04:31 · Score: 1
  
  If I'm going to start busting on tax evaders, I'll dig up dirt on people who already make more than they could spend anyway, the ones with no good excuses or reasons.
  My friends and former coworkers taking shifts waiting tables to make ends meet... nope, they're good.
  
  --
  Try not to take me more seriously than I take myself.
low fine by c_jonescc · 2011-03-29 11:34 · Score: 1

The average ID fraud in 2009 was for over $4000. They had open access to CC details for 8 months! Even the out of pocket expenses per fraud victim is over $600, so if there were 200 victims as a result of this company's lax security, the fine isn't even on par with the individual cost of those affected, which is absurd.

Though, TFA is obscenely light on detail, so it's possible that their security issue actually caused no individual harm and only led to the possibility of harm having occurred. I suspect though that if you're the victim if ID fraud it is impossible to find the one bar (in this case) where your problems nucleated.

Source for numbers: https://www.infosecisland.com/blogview/11823-Identity-Fraud-Cases-and-Costs-Plummeted-Last-Year.html

--
Getting diabetes AND salmonella would be a bad weekend.
1. Re:low fine by Solandri · 2011-03-29 12:32 · Score: 2
  
  The average ID fraud in 2009 was for over $4000. They had open access to CC details for 8 months! Even the out of pocket expenses per fraud victim is over $600, so if there were 200 victims as a result of this company's lax security, the fine isn't even on par with the individual cost of those affected, which is absurd.
  From TFA, it sounds like the only customer info on the compromised system was credit and debit card numbers. Cardholder liability for fraudulent use of their credit card is limited to $50 by U.S. law. Similarly, Massachusetts law limits cardholder liability for debit cards to $50.
  
  So by your reasoning, the fine should have been 200*$50 = $10,000. (From reading TFA it sounds like there were a lot more than 200 victims. But I just wanted to make the point that there's a huge difference between credit card theft and identity theft).
money grab by Charliemopps · 2011-03-29 11:35 · Score: 2

While I applaud the effort to crack down on incompetent business like this... I have to ask... who got the money from the fine? The victims? Doubt it...
1. Re:money grab by ProfM · 2011-03-29 11:42 · Score: 1
  
  In addition, since this is a restaurant, the profit margins are typically thin. A $110,000 fine could be enough to put them under.
2. Re:money grab by ShakaUVM · 2011-03-29 11:47 · Score: 1
  
  >>While I applaud the effort to crack down on incompetent business like this... I have to ask... who got the money from the fine? The victims? Doubt it...
  Anyone that can claim damages from this breech should probably get compensated.
  Though most of the time, you just tell your credit card company certain charges are invalid, and they waive them.
  Credit card companies don't take 2% of every bill for nothing, you know.
3. Re:money grab by bmo · 2011-03-29 11:49 · Score: 2
  
  We, as a society, have chosen fines as a reasonable way to penalize businesses that do things the wrong way. It's not about "making someone whole." It's about exacting punishment to make an example for others and to motivate businesses not to do unwanted behavior.
  So, what's your real problem with this? We should expect businesses to not play silly buggers with credit card information. I'm sorry if I don't shed a tear here.
  --
  BMO
4. Re:money grab by LordNimon · 2011-03-29 11:49 · Score: 1
  
  So? Negligence with customer data is a serious offense. If they do go under, they'll be held up as a warning to others.
  
  --
  And the men who hold high places must be the ones who start
  To mold a new reality... closer to the heart
5. Re:money grab by similar_name · 2011-03-29 12:07 · Score: 1
  
  While I applaud the effort to crack down on incompetent business like this... I have to ask... who got the money from the fine? The victims? Doubt it...
  Generally they would get their money back through their credit card companies or banks. I don't have a problem with the money going into the government like most fines which are punitive in nature.
6. Re:money grab by compro01 · 2011-03-29 12:40 · Score: 1
  
  Though most of the time, you just tell your credit card company certain charges are invalid, and they grab the money from the merchant, which may then get passed to business insurance, if they're lucky
  
  FTFY. If you think the credit card companies pay for fraud, you're crazy. If they actually were having to eat those costs, we might get actual security in this system.
  
  --
  upon the advice of my lawyer, i have no sig at this time
7. Re:money grab by ShakaUVM · 2011-03-29 13:05 · Score: 2
  
  >>FTFY. If you think the credit card companies pay for fraud, you're crazy. If they actually were having to eat those costs, we might get actual security in this system.
  If merchants verified everything they were supposed to, then the financial institution bears the cost of the fraud.
  http://en.wikipedia.org/wiki/Credit_card_fraud#Merchants
8. Re:money grab by Darinbob · 2011-03-29 14:21 · Score: 2
  
  It's a punitive fine. The intent is to hurt enough that the company decides it needs to get on the ball. If the fine is too low then companies in the past have just factored this in as a cost of doing business. Ie, they may feel it's less expensive overall to not pay someone to implement better security.
9. Re:money grab by gcatullus · 2011-03-29 19:19 · Score: 3, Informative
  
  As a merchant I deal with credit credit card chargebacks on a regular basis. All a customer has to say is that is not my charge. We have to send back documentation, such as proof of signature. If the charge happened at the credit card readers at our gasoline dispensers, we have no signature, and we eat the charge. We have even offered to provide the customer or issuing bank with the license plate number and picture of person and vehicle charging, but that means nothing. That is why in many locations you need to enter your zip code at a pay at the pump, this offers some security to the merchant, even though by rule the merchant still must eat the charge if the customer balks.
  Now if the merchant goes tits up or goes bad and steals money from the customers credit cards and can't pay it back, then the merchant's processing ISO is on the hook. The processor isn't Visa/Mastercard or the issuing bank, it is someone like First Data or a myriad of other middle men. The processor gets as little as 3 to 6 cents a transaction, passing the interchange cost to the merchant. The merchant has paid anywhere from 50 cents a transaction to 3% for the convenience of letting a customer pay with credit.The issuing banks and the cartel of Visa/Mastercard are on the hook only if the processor goes under. And even then it is the issuing banks that deal with the customer directly and they are the only ones who can decide to credit or not credit the customer.
  The problem with this system in the United States is that the entities that make money off of credit card transactions, i.e. the issuing banks, have absolutely no incentive to make the system more secure. They do none of the work, other than marketing their credit cards and profiting off of their card holders who use their cards and the merchants who accept their cards
10. Re:money grab by ShakaUVM · 2011-03-29 19:42 · Score: 1
  
  Fascinating, thanks.
  Makes a little more sense why we have to put up with that Verified By Visa crap.
11. Re:money grab by Silverlock · 2011-03-30 03:07 · Score: 1
  
  While I agree that credit card fraud is getting worse and we need to do something, I object to the immediate demonization of the restaurants as 'incompetent'. In this case, the restaurant group is a larger group with more money to play with, but what about single mom-and-pop restaurants? They may be extremely competent at running a restaurant..
  Is it reasonable to suggest that every restaurant or store that takes credit cards must be run by certified network security geeks? No. The reason this is happening is that Visa and Mastercard hold all the cards (no pun intended). They can decide that they are not responsible for anything and who is going to tell them otherwise? Grandma of Grandma's Diner is going to understand the technical issues involved and take Visa down in court? Right.
12. Re:money grab by Aldenissin · 2011-04-05 13:10 · Score: 1
  
  It doesn't really matter who pays, as the cost will be passed onto the customer in the end. The only way to ensure that on the credit card companies is either A. higher processes fees, or B. make the merchant accountable in reality for the most part on fraud. They are smart enough to "hold" the money, so it shouldn't be a surprise that it is both ways.
  
  --
  Like a city whose walls are broken down is a man who lacks self-control.
What is that fine money being used for? by dmomo · 2011-03-29 11:39 · Score: 1

Certainly it doesn't go to the people whose information was handled poorly. Are they even contacted?
5 year old kids reading this? by Haedrian · 2011-03-29 11:41 · Score: 2

"essentially, get its *&@! together."
Yeah, get your special characters together!
1. Re:5 year old kids reading this? by Qzukk · 2011-03-29 12:09 · Score: 1
  
  Previously their password was password. Now they'll need at least one special character, so it'll be password!
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
2. Re:5 year old kids reading this? by DavidD_CA · 2011-03-29 17:07 · Score: 1
  
  Maybe if special characters were used in the firstplace, the systems wouldn't have been so easily hacked. ;)
  
  --
  -David
Goodbye MA Businesses by Randall311 · 2011-03-29 11:45 · Score: 1

I applaud the steps Massachusetts is taking to protect people's personal data, but at some point the fines and fees incurred by businesses here in Massachusetts will be enough to convince them to pack up and move to neighboring states where they can be more profitable. Our governor Deval will claim to have been "blindsided" by this Mass Exodus (pun intended).
1. Re:Goodbye MA Businesses by postbigbang · 2011-03-29 11:49 · Score: 2
  
  And good riddance.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
2. Re:Goodbye MA Businesses by amanicdroid · 2011-03-29 11:57 · Score: 1
  
  and if you expect your man to help you around the house, he's going to find another less-nagging woman. Thanks for the business and relationship advice Good Housekeeping 1957.
3. Re:Goodbye MA Businesses by KhabaLox · 2011-03-29 12:08 · Score: 1
  
  There's no way a small business will be able to afford the type of security required to keep hackers off their systems
  Really? I understand that anti-malware security is somewhat esoteric to the lay-user still, but any business collecting CC details and payments should have the money to invest in either A) a payment service that takes care of securing customer data for them or B) an IT consultant to install free software on their system and give the owner a few hours of training in using and maintaining it.
  
  --
  Ceci n'est pas un sig.
4. Re:Goodbye MA Businesses by fuzzyfuzzyfungus · 2011-03-29 12:39 · Score: 1
  
  Is there any flavor of malfeasance or negligence that we should punish, or do we have to live in constant terror of our precious businesses taking their ball and going home no matter what?
5. Re:Goodbye MA Businesses by bmo · 2011-03-29 13:46 · Score: 1
  
  >Is there any flavor of malfeasance or negligence that we should punish?
  According to the randroid trolls on this topic, none.
  --
  BMO
6. Re:Goodbye MA Businesses by yuna49 · 2011-03-29 14:19 · Score: 1
  
  Not to mention those businesses are supposed to abide by the Payment Card Industry Data Security Standard. One of my clients gets an email warning him about this from his payments processor every month or two.
7. Re:Goodbye MA Businesses by Darinbob · 2011-03-29 14:31 · Score: 1
  
  $110K seems a reasonable fine for a business of that size. Make the fine lower and they'll shrug it off. A fine has to hurt a little to be worthwhile. And it's a restaurant chain, what are they going to do move to Pennsylvania and hope the Boston residents make the drive? This doesn't fall into the area of government oppression and the jobs aren't going to vanish.
8. Re:Goodbye MA Businesses by Darinbob · 2011-03-29 14:36 · Score: 2
  
  No, the victims were the customers of the restaurant chain. The company wasn't fined merely for getting infected. From the article, they attorney general claims they "continued to accept credit and debit cards from customers even after it learned of the breach." That doesn't sound like a victim, instead it sounds like they were actually helping the malware through inaction. Of course the company denies this, so it always comes down to he-said/she-said.
9. Re:Goodbye MA Businesses by ktappe · 2011-03-29 14:45 · Score: 1
  
  I applaud the steps Massachusetts is taking to protect people's personal data, but at some point the fines and fees incurred by businesses here in Massachusetts will be enough to convince them to pack up and move to neighboring states where they can be more profitable. Our governor Deval will claim to have been "blindsided" by this Mass Exodus (pun intended).
  It was only a matter of minutes until a pro-business shill like you came along to claim that this move was somehow wrong. There was NOTHING WHATSOEVER wrong with the government's move here. If anything the damages were too low, for this was a case of protracted and blatant data insecurity that greatly endangered the financial well being of all their customers. Punishing this type of behavior is way WAY more important than protecting your precious business base.
  
  --
  "We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
10. Re:Goodbye MA Businesses by ktappe · 2011-03-29 14:50 · Score: 1
  
  It's the equivalent of getting a fine for not having a strong enough door when your house is broken into.
  Bad analogy. There was business taking place here--where are the financial transactions in your analogy? Further, there was knowledge of a break-in but no action taken.
  A much better analogy would be if one of those self-storage outfits noticed that several of their clients lockers/units had been breached but did/said nothing while nightly looting of those units occurred. In fact, they continued to collect the monthly rent on those units.
  
  --
  "We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
11. Re:Goodbye MA Businesses by SunTzuWarmaster · 2011-03-29 23:47 · Score: 1
  
  And then only businesses that obey the law will be left!
The last part is the kicker by winkydink · 2011-03-29 11:46 · Score: 3, Insightful

Everything here could happen to almost any SMB out there. But to keep taking credit cards _after_ knowing you've been hacked?

--
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
1. Re:The last part is the kicker by PraiseBob · 2011-03-30 04:04 · Score: 1
  
  The chance of getting fined is a possible loss of revenue. Not taking credit cards is a definite loss of revenue. Not taking credit cards for a couple of weeks while you replace / reformat all machines in the company that could be hiding malware would cost far more than $110k.
Way back when, in 1993 I was on trip to Geneva by PolygamousRanchKid+ · 2011-03-29 11:50 · Score: 2

I was surprised about a half year later, that the hotel sent me a birthday card. I mentioned this to a colleague (a security specialist), who stayed often in the same hotel. I found it amusing, but he told me, "Now imagine that they get new computers, and the old ones are given away . . . with all our private data on it."
Food for thought . . .

--
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Driving bad behavior? by nonregistered · 2011-03-29 12:12 · Score: 1

Why wouldn't the company just hide the data breach? There wouldn't be that many people in the company that would know about it. Easy enough to keep a lid on it. That's what control fraud is for, anyway.
1. Re:Driving bad behavior? by gcatullus · 2011-03-29 19:17 · Score: 1
  
  They can't because of the PCI standards, you are required to have a secure system scan for crap etc now to be allowed to processor cards. Now not all processors are enforcing the standards some are just collecting a "non-compliance" fee every month. In addition, the issuing banks can correlate stolen credit card numbers with the merchant that they were last used properly at.
Re:Punishing the victim? by BitterOak · 2011-03-29 12:33 · Score: 1

I would agree with you except for the part about the restaurant continuing to process and store credit card information even *after* they knew of the breach and before they fixed it.

--
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Stop buying music! by Marrow · 2011-03-29 12:50 · Score: 1

It only serves to destroy what really matters to you.
1. Re:Stop buying music! by Marrow · 2011-03-29 12:51 · Score: 1
  
  rats, wrong thread
Small fry by c0lo · 2011-03-29 12:57 · Score: 1

So, they started with small fry... Long way to go, then.

--
Questions raise, answers kill. Raise questions to stay alive.
Fine was NOT for Breach Law Violation by 517714 · 2011-03-29 13:08 · Score: 4, Informative

125,000 accounts (account number, cardholder name, expiration date and secure code) were exposed.
Here are alot more details and the complaint
Briar Group was ordered to comply with the Data Law, but they were NOT fined under that law which went into effect after the data breach was eliminated. They were fined for violation of Title XV,Chapter93A

--
The US government have made it clear that we have no inalienable rights; any we do not defend vigorously will be taken.
Re:Inside Job? by Push+Latency · 2011-03-29 13:25 · Score: 1

Doesn't this encourage the unsavory to simply infect a competitor's computer system?
Looks like the restaurant chain ... by Weirsbaski · 2011-03-29 13:54 · Score: 1

just got served,

--

I am not a sig.
Small in what context? by brunes69 · 2011-03-29 14:19 · Score: 1

We are talking about a regional restaurant chain, not a billion dollar corporation. I can't find any financials, but the website for the company says they have a grand total of 7 locations.
$110,000 is likely a very large fine for this company.
1. Re:Small in what context? by c_jonescc · 2011-03-29 14:24 · Score: 1
  
  Small in that it's less than the damage they likely caused through negligence.
  
  --
  Getting diabetes AND salmonella would be a bad weekend.
*&@!_? by md65536 · 2011-03-29 15:27 · Score: 1

What does the phrase "get its fuck together" mean?
Interesting... by rsilvergun · 2011-03-29 16:01 · Score: 1

Anyone know anywhere else that has similar laws? I'm in Arizona, and I can't imagine we have this sort of thing (mostly weak consumer protection). I know California has pretty strict data breach laws, requiring you notify everyone that could be affected.

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Much better information here .... by gordguide · 2011-03-29 16:53 · Score: 4, Informative

When I read the article cited in the OP, the first question I had was how many accounts were compromised. Nothing on that in the article. So, I looked at the AG's press release. Not a word about it there, either. That seemed suspicious to me, so a bit more digging revealed this link:
http://www.massdataprivacylaw.com/data-breach/massachusetts-attorney-general-v-briar-group-llc---data-breach-settlement---the-details/
... with such tidbits as the charges were laid by the AG in court on the same day the settlement was announced. Go ahead, check out the link, there's more. Much more.
Anyway, the number of accounts was an interest to me because I wanted to see exactly what the AG valued a breach at .... in other words, what is a company likely to pay in a fine for negligently giving my CC details away? Turns out the value is about a dollar ... there were 125,000 CC accounts compromised and each compromise included the cardholder's name, CC#, expiry dates and the secure code. In other words, "Jackpot" data.
Ah, a liberterian I see by rsilvergun · 2011-03-29 17:12 · Score: 1

"I usually believe laws are bad"... unless they directly benefit me. Then they're Grrreat!

Sorry, I'm a bitter socialist :)

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Is it me or is it odd that it hits a restaurant? by Opportunist · 2011-03-29 21:51 · Score: 1

A restaurant? C'mon, can you get any smaller when targeting a business? Anyone else here thinking we're getting a scapegoat as a "look, we do something about your privacy concerns" showpiece?
Wake me when a corporation gets slapped for selling my info. 'til then, nothing to see here.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:Is it me or is it odd that it hits a restaurant by magamiako1 · 2011-03-29 23:03 · Score: 2

Would you rather them ignore smaller businesses just because they're small?

Your argument makes no sense. Corporations are not *selling* your personal information (as defined by the MA law), so it's not covered. In this case, certain information was compromised (financial details) and that's what they go after.

It's the first step in the right direction.