$110,000 Fine Is First Under MA Data Privacy Law
chicksdaddy writes "A Massachusetts restaurant chain was the first company fined under the state's toughest-in-the-nation data breach law, according to a statement by the Massachusetts Attorney General. The Briar Group, which owns a number of bars and restaurants in Boston, is charged with failing to protect patrons' personal information following an April, 2009 malware infestation. It was ordered to pay $110,000 in penalties and, essentially, get its *&@! together. Among the revelations from the settlement: Briar took six months to detect and remove the data stealing malware, continuing to take credit and debit cards from patrons even after learning of the data breach, said Massachusetts Attorney General Martha Coakley."
The last part is the kicker (Score:4, Insightful)
Everything here could happen to almost any SMB out there. But to keep taking credit cards _after_ knowing you've been hacked?
Re:Lesson... (Score:4, Insightful)
Why should I? If there are any fraudulent charges, my credit card company will reverse them. Constantly reloading a debit card is a big hassle, and carrying around that much cash with me is unsafe.
Re:Lesson... (Score:5, Insightful)