Yesterday’s press releases brought news of another potential lawsuit involving the restaurant industry and a POS vendor and reseller. I recognize the attorneys’ names as the same attorneys who filed suit on behalf of some Louisiana restauranteurs against another POS vendor, Radiant Systems, and their reseller, Computer World, last year. According to the press release, this potential lawsuit would be against Restaurant Data Concepts, Inc. of Warwick, Rhode Island, vendors of the POSitouch system, and CC Productions of Hoboken, New Jersey, the reseller.
At the core of the allegations in the developing lawsuit:
1) POSitouch’s POS system failure: The facts emanating from a forensic audit reveal that POSitouch sold a system that was non-compliant with PCI-DSS.
2) CC Productions’ mismanagement: This POSitouch reseller engaged in flagrant violations of PCI standards that gave rise to the security breaches. When companies such as CC Productions engage in the support and management of a merchants’ POS application system they need to ensure that they are not engaging in suspect actions that open up the ports so that hackers may penetrate the entire system through malware.
[…]
While the exact amount of the identify theft losses to banks, the financial losses to the restaurants, fines, investigatory costs, fines imposed by the credit card companies and other costs attributed to fixing the computer systems’ security breaches are still being tallied, the lawsuit is seeking compensation to repay the penalties levied by the credit card companies and the massive costs to track down and repair the POS system problems. According to the attorneys, damages “could run well into seven figures.”
I’ve sent out inquiries to the lead attorney and to Restaurant Data Concepts and will be following any developments in this case on this site. At this point, I’m not even sure whether we already knew about any of these incidents but the coverage didn’t mention the POS, or if most of the breaches alluded to flew under the media radar.
Update of 5-28-10: See POSitouch’s response here.