Juris Doctor 120 of 161 – AKA Beer Breach

I have a natural passion for keeping people safe and secure, as many of you know. I also have a real passion for technology law, which might be evidenced by the doctoral pursuit in law. I also follow the news looking for cases that have been adjudicated and what the verdicts or, in most cases, the settlements look like. Part of this comes from being tuned into case law in school, but my day job as Chief Information Security Officer also compels me to stay ahead of the threatscape. A news article came out this week that is particularly interesting, and I’ll explain why.

Massachusetts levies data breach fines against restaurant group

Massachusetts levied its first data security data breach fine against the ownership group of several Boston area taverns in a settlement that forces the organization to pay $110,000 for failing to secure its patrons’ personal information. ($110,000 is all! What a bargain to the retailer. There is gross negligence here and numerous victims. It is a shame that the government has declared this to be their “first data security breach fine” when commerce fraud has been occurring for many years. There is a conflict of interest here if you begin to analyze the issue. First, we have a need for “Job Creation” and crushing employers damages that concept. Second, there are consumer protections in place and they must be protected. So this particular scenario is the virtual “beads for the natives” to me. You slap the offending retailer for their gross negligence and in doing so, you are “protecting” the consumer. This is watered down just like the light beer they serve. Governments and private companies are typically slow to make changes, and it is only after the long process of adjudication that the private citizen makes changes for themselves, it seems.)

The lawsuit also alleges that the Briar Group used default usernames and passwords on its point-of-sale system, making it easier for outside attackers to gain access to the sensitive data. In addition, the restaurant group allegedly let multiple employees share common usernames and passwords to access the system and it failed to secure its remote access and wireless network. The organization continued to accept credit and debit cards from consumers after it knew of the data breach. (Security 101 here! A person would have no survival skills here and be subject to natural selection if they think free love networks, shared accounts and default passwords are acceptable. Geeks have a word for this and it is “TechTard.” Would you leave your doors unlocked for anyone to come and go as they please? Would you hand out copies of your keys to anyone that you invite over to the house? Would you allow strangers to rummage through your file cabinet or underwear drawer? Hell No! This just speaks to gross negligence to me and must be adjudicated further.)

Here is a link to the actual report: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1529350,00.html

Some interesting facts are:

It will be interesting to see if consumers affected by this beer breach are placated or if some independent litigation will emerge. What would your outlook be under the circumstances?

 
