The Federal Trade Commission announced a settlement with entertainment company Dave & Buster’s concerning the privacy of consumer data. The FTC had charged the company had security problems that left customers’ credit and debit card data vulnerable to theft.
The FTC alleged that, as a result of these failures, a hacker exploited some of those vulnerabilities, installed unauthorized software and accessed about 130,000 credit and debit cards. The banks that issued the cards have claimed several hundred thousand dollars in fraudulent charges.
The settlement requires Dave & Buster’s to establish and maintain a program designed to protect the security, confidentiality, and integrity of personal information collected from customers. It also requires the company to obtain independent, professional audits, every other year for 10 years, to ensure that the security program meets the standards of the settlement. In addition, the proposed settlement contains standard record-keeping provisions to allow the FTC to monitor compliance.
The company, which operates 53 restaurants and entertainment venues nationwide, “will put in place a comprehensive information security program as a condition for settling the case,” the FTC said. The agency said this is its 27th case “challenging faulty data security practices by organizations that handle sensitive consumer information.”