The Briar Group LLC, which runs Ned Devine’s, the Green Briar, The Lenox, and other popular restaurants, has agreed to pay $110,000 to resolve allegations that the Boston chain failed to take reasonable steps to protect diners’ personal information and put at risk the information on tens of thousands of credit and debit cards.
The settlement stems from a lawsuit filed by Massachusetts Attorney General Martha Coakley over a data breach the Briar Group suffered in April 2009. Malcode was apparently installed on the company’s computer systems that allowed hackers to access to customers’ credit and debit card information, including names and account numbers. The malcode was not removed from the Briar Group’s computers until December 2009.
The lawsuit filed in Suffolk Superior Court also alleges that the Briar Group failed to change default usernames and passwords on its point-of-sale computer system; allowed multiple employees to share common usernames and passwords; failed to properly secure its remote access utilities and wireless network; and continued to accept credit and debit cards from consumers after Briar knew of the data breach.