A Six-Figure Credit Breach at Five Guys (updated)
I hate it when we only find out about data breaches from lawsuits, but at least we find out. Marlene Kennedy of Courthouse News reports:
Five Guys burger joints failed to safeguard their data, giving hackers access to the accounts of debit-card-paying customers, a bank claims in court.
Trustco Bank says the hackers racked up more than $89,800 in charges on the accounts of clients who visited Five Guys restaurants in Albany, Schenectady, Warren and Saratoga counties.
The defendants in the complaint, filed in Schenectady County Supreme Court, are RSVT Glenmont LLC, RSVT Niskayuna LLC, RSVT Queensbury LLC and RSVT Saratoga Springs LLC. Each operates a Five Guys restaurant in the communities listed in their names.[…]
The unauthorized transactions – Trustco counted 376 – occurred in November and December 2011, according to the complaint.
Read more on Courthouse News. Kennedy reports that according to the complaint, the affected restaurants “never provided notification to … customers of the security breach,” as required by New York law.
So what will NYS do, if it even knows about this lawsuit?
Update: More on the breach can be found in the Albany Times Union.