$110,000 Fine Is First Under MA Data Privacy Law
chicksdaddy writes "A Massachusetts restaurant chain was the first company fined under the state's toughest-in-the-nation data breach law, according to a statement by the Massachusetts Attorney General. The Briar Group, which owns a number of bars and restaurants in Boston, is charged with failing to protect patrons' personal information following an April, 2009 malware infestation. It was ordered to pay $110,000 in penalties and, essentially, get its *&@! together. Among the revelations from the settlement: Briar took six months to detect and remove the data stealing malware, continuing to take credit and debit cards from patrons even after learning of the data breach, said Massachusetts Attorney General Martha Coakley."
Everything here could happen to almost any SMB out there. But to keep taking credit cards _after_ knowing you've been hacked?
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Why should I? If there are any fraudulent charges, my credit card company will reverse them. Constantly reloading a debit card is a big hassle, and carrying around that much cash with me is unsafe.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
While it is valuable to keep security in mind, I think that you might be taking it a little over the edge. Despite the fact that identity theft does happen, the rate at which it happens is low enough that the benefit of using credit outweighs the risk of having your identity stolen. Keeping an eye on your bank statements, and immediately contacting your bank in the event that any suspicious charges show up, seems to be a much more reasonable strategy for 95% of the population than carrying large amounts of cash.