Uh oh. NECN reports:
A Boston restaurant group is letting patrons know that its computer systems were breached.
The Briar Group, or BRG, says someone had unauthorized access to card data at the restaurants between October and early November.
Diana Pisciotta, a spokesperson for the group, says they have been working on identifying the source and method of the breach since they initially learned they had possibly been compromised in November.
[…]
The breach affects eight bars and restaurants, which include Anthem, City Bar, City Table, MJ O’Connnor’s, Ned Devine’s, Solas, The Green Briar, and The Harp.
Read more on NECN.
For those of you who don’t remember, Massachusetts had previously sued Briar Group over a 2009 data security breach, and BRG settled that complaint in 2011 for $110,000 and a corrective action plan to comply with PCIDSS. So what might/will the Commonwealth of Massachusetts do now? This new breach was not as long-running as the 2009 incident, but will Massachusetts find that they violated the previous settlement? If so, this could really cost BRG. Stay tuned, I guess….
Note: This breach reportedly accounts for the recent fraud reports from those attending conventions in Boston. The Boston Globe reports:
A local restaurant chain confirmed Friday that its computer systems were breached, putting the credit-card information of thousands of customers at risk, including visitors who attended two major conventions in Boston.
The Briar Group, which owns 10 restaurants and bars in Boston, including two at the Westin hotel connected to the Boston Convention & Exhibition Center, said its computer systems were infiltrated sometime between October and early November. It said customer names, credit-card numbers, expiration dates, and security information were captured from the cards’ magnetic strips.
They report that the Attorney General is not commenting right now.