DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update to Restaurant Depot/Jetro breach

Posted on December 16, 2011 by Dissent

The recent Restaurant Depot/Jetro breach that I reported on Dec. 7  provides a timely example of the issue of unreimbursed harm that consumers grapple with on a daily basis.  As I continue to follow media coverage on that breach, it is clear that not only is there financial impact of this breach (the hacked card numbers have been misused), but there have been other types of as yet unreimbursed harm.

In today’s Boston Herald, Jerry Kronenberg reports how one customer of Restaurant Depot was affected:

Cris Maloof of Quincy’s Schoolhouse Pizza said scammers charged $14,000 on three of his credit cards, while his wife found her account shut off when she went shopping on Black Friday.

The bank ultimately straightened everything out, but someone contacted Schoolhouse Pizza’s utility and had the power shut off this week. That took Maloof an hour to reverse.

“It’s insane,” he said. “The inconvenience and the amount of hoops I’ve had to jump through — with the bank, with getting a new tax identification number, with everything — was just ridiculous.”

Not all of the 300,000 affected customers may have stories like that and Restaurant Depot has offered credit restoration services and reimbursement for expenses incurred, but it is not clear what happens to reimbursement for time spent and frustration.

I think Restaurant Depot is trying to do the right thing by its customers (although some will undoubtedly point out that obviously, they were not PCI compliant and could have avoided the entire mess). But at the end of the day, are customers really made whole by packages such as that offered in this case? And what about those entities that do not even offer credit restoration services and compensation? Is the best we can hope for harm minimization without full restoration and compensation? Is this the price we pay if we use plastic and trust others with our data? Or is there a better way – with or without regulation?


Related:

  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
Category: Breach IncidentsBusiness SectorID TheftMalwareU.S.

Post navigation

← AU: Bank of Melbourne in privacy breach
HI: Tax data infiltrated by state workers (updated) →

1 thought on “Update to Restaurant Depot/Jetro breach”

  1. Major Tom says:
    December 20, 2011 at 9:29 am

    Credit Restoration is good for how long? How many crooks see the vulnerable person as a juicy “A+” candidate, then a B, then a C and so forth. I think once your PII data is out there its just a matter of time. I am sure there are a few crooks that will offer the data just once and get rid of it, but others may hold onto it in hopes that it can be used again in the future. The water gets really murky as to where PII info has come from. Some will accuse the company that got breached, but what aboiut those companies that do not offer such information….”Hype-pathetically” speaking, if a cover up occurs, whether by workers, managers or a combo of each, the true path to the leaking of PII is almost untracable. Crooks know this.

    As far as reimbursement for time and pain, it should be charged via a documented hourly wage. If a person is standing in a line or resolving a PII or CC issue, rather than doing his job, an average, or a well documented timeline with reciepts which show time, date and costs involved could be used as a restitutional plea.

    Many Financial institutions are greedy. Most want part of the consumer knee-jerk purchasing with a credit card. They get to pay the price when it becomes violated. They know the risk thats associated with Credit Card usage, but they continue to offer those services – and its a widespread pandemic. The money must still be OK, otherwise they would turn the leaky tap off completely.

    Which costs more? A technology upgrade/refresh of the credit card industry – very possible if they work togther, or keep on using antiquated services that are obviously broken?

    Sure people can use cash, money orders, wire transfers and the like and be more secure than others. One has to remember that the risk then transfers to the “insider” and technologies such as skimmers.

    Fix all this, and then the crooks will get insiders to change out money drawers with counterfit bills and poison the economy even more. The possibilities are endless. depends on how hard you want to look to see whats going on in the world.

    Treat the PII CC violators as they should be. Give them mandatory sentences, much like the convicted DUI DWI people are. Leaving room for negotiations and mis-interpretation of laws and the twisting of them, will only make this worse.

    The American dream is to have houses; have the Family business running smoothly and the comfort knowing that all is safe. The “American” may still be there, but know they dark side will taint even some of the best people, with promises of making a quick dollar – until the smaller fish are caught, and the bigger ones move on to find other puppets.

    There isn’t a simple solution to this issue. Its like a toxic spillage in a highly vulnerable area. They initial cleanup will take some time, but what about the after-effects many years down the road?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea’s largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
  • North Country Healthcare responds to Stormous’s claims of a breach
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access
  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.