Slashdot Mirror


$110,000 Fine Is First Under MA Data Privacy Law

chicksdaddy writes "A Massachusetts restaurant chain was the first company fined under the state's toughest-in-the-nation data breach law, according to a statement by the Massachusetts Attorney General. The Briar Group, which owns a number of bars and restaurants in Boston, is charged with failing to protect patrons' personal information following an April 2009 malware infestation. It was ordered to pay $110,000 in penalties and, essentially, get its *&@! together. Among the revelations from the settlement: Briar took six months to detect and remove the data-stealing malware, continuing to take credit and debit cards from patrons even after learning of the data breach, said Massachusetts Attorney General Martha Coakley."

4 of 97 comments

  1. Re:Lesson... by LordNimon · Score: 4, Insightful

    Why should I? If there are any fraudulent charges, my credit card company will reverse them. Constantly reloading a debit card is a big hassle, and carrying around that much cash with me is unsafe.

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart
  2. Re:Lesson... by Ruke · Score: 4, Insightful

    While it is valuable to keep security in mind, I think that you might be taking it a little over the edge. Despite the fact that identity theft does happen, the rate at which it happens is low enough that the benefit of using credit outweighs the risk of having your identity stolen. Keeping an eye on your bank statements, and immediately contacting your bank in the event that any suspicious charges show up, seems to be a much more reasonable strategy for 95% of the population than carrying large amounts of cash.

  3. Fine was NOT for Breach Law Violation by 517714 · Score: 4, Informative

    125,000 accounts (account number, cardholder name, expiration date and secure code) were exposed.

    Here are a lot more details and the complaint

    Briar Group was ordered to comply with the Data Law, but they were NOT fined under that law which went into effect after the data breach was eliminated. They were fined for violation of Title XV, Chapter 93A

    --
    The US government have made it clear that we have no inalienable rights; any we do not defend vigorously will be taken.
  4. Much better information here .... by gordguide · Score: 4, Informative

    When I read the article cited in the OP, the first question I had was how many accounts were compromised. Nothing on that in the article. So, I looked at the AG's press release. Not a word about it there, either. That seemed suspicious to me, so a bit more digging revealed this link:

    http://www.massdataprivacylaw.com/data-breach/massachusetts-attorney-general-v-briar-group-llc---data-breach-settlement---the-details/

    ... with such tidbits as the charges were laid by the AG in court on the same day the settlement was announced. Go ahead, check out the link, there's more. Much more.

    Anyway, the number of accounts was of interest to me because I wanted to see exactly what the AG valued a breach at .... in other words, what is a company likely to pay in a fine for negligently giving my CC details away? Turns out the value is about a dollar ... there were 125,000 CC accounts compromised and each compromise included the cardholder's name, CC#, expiry dates and the secure code. In other words, "Jackpot" data.