Thursday, March 25, 2010

Dave & Buster's Busted for Loose Practices

Dave & Buster's, an entertainment and restaurant chain, was caught not minding its customers private information, and now it has to pay the piper.

The FTC, in an action announced today, has settled charges that Dave & Buster's did not take reasonable steps to protect its customers' credit card information. As a result of the lax security, some customers' credit cards were compromised by a hacker who got into the company computer system, and several hundred thousand dollars in fraudulent charges were made. No doubt the banks that issued the cards are not happy about the bogus charges, but the customers are the real victims here.

The FTC claimed that D&B's failed to:
  • Take sufficient measures to detect and prevent unauthorized access to the network.
  • Adequately restrict outside access to the network, including access by Dave & Buster’s service providers.
  • Monitor and filter outbound data traffic to identify and block the export of sensitive personal information without authorization.
  • Use readily available security measures to limit access to its computer networks through wireless access points.
The settlement requires the company to implement these and other more stringent security measures to protect credit card data. Read more details here.

The FTC has filed 27 similar cases against companies that failed to adequately protect consumers' financial information. Keep it up!

If you've been the victim of a company's lax security and your private information has been stolen or compromised, contact me immediately for a free consultation.


No comments:

Legal Disclaimers, Copyright and Other Legal Stuff

The contents of this blog are the responsibility and property of Bert Joseph Miano and Miano Law P.C., except where other sources of information are cited or credited. This blog and its contents are protected by US copyright laws, international conventions and other copyright laws. The blog is provided only for your personal, informational and non-commercial use, and is not intended to offer legal advice for specific situations, nor does reading the blog create an attorney/client relationship.

Disclaimer required pursuant to the Alabama Rules of Professional Responsibility: "No representation is made that the quality of legal services to be performed is greater than the quality of legal services performed by other lawyers."