Legal Newsline

Monday, January 27, 2020

Restaurant group settles with Mass. AG

By Keith Loria | Mar 28, 2011


BOSTON (Legal Newsline) - Massachusetts Attorney General Martha Coakley announced on Monday that her office has reached a $110,000 settlement with a restaurant group that allegedly failed to protect patrons' personal information.

The Briar Group LLC -- the owner and operator of the Boston-based restaurants and bars The Lenox, MJ O'Connor's, Ned Devine's, The Green Briar and The Harp -- allegedly failed to take proper steps to keep payment card information safe.

"When consumers use their credit and debit cards at Massachusetts establishments, they have an expectation that their personal information will be properly protected," Coakley said. "In this instance, the Briar Group did not take proper protections to protect customers' personal information."

The suit alleged that there was a company-wide data breach in April 2009 when the Briar Group installed malcode on its computer systems, allowing hackers access to customers' credit and debit card information. The malcode was not removed until December 2009, placing eight months of names and account numbers at risk, Coakley says.

Coakley alleged that the company did not change default usernames and passwords on its point-of-sale computer system. The Briar Group also allegedly allowed employees to share usernames and passwords, didn't secure its wireless network and continued accepting credit and debit cards from consumers after learning of the data breach.

In addition to the civil penalties Briar Group must pay, the agreement requires the company to comply with state data security regulations and payment card industry data security standards in the future. It must also establish and maintain an enhanced computer network security system going forward.

"In addition to the payment, this agreement also works to ensure that steps have been taken to protect consumer information moving forward," Coakley said. "Our office will continue to take action against companies that fail to implement basic security measures on their computer systems to protect the sensitive information entrusted to them by consumers."

Want to get notified whenever we write about ?

Sign-up Next time we write about , we'll email you a link to the story. You may edit your settings or unsubscribe at any time.