Dave & Buster's, FTC settle on protecting customers' credit cards
In a complaint against Dave & Buster's, the FTC said the company's servers were accessed over a four-month period in 2007, when the hackers installed software that allowed them to intercept purchase information. The FTC alleged that the chain "failed to take reasonable steps to secure this sensitive personal information on its computer network."
To settle the charges, Dave & Buster's has agreed to maintain a comprehensive data security plan to prevent future breeches, the FTC said.
The company had been collecting customer's credit card information and expiration dates in order to obtain authorization when someone bought food or anything else, however the information was left on an unsecured network. Under the agreement with the FTC, Dave & Busters must have independent professional audits every other year for the next decade to ensure the security program is at an appropriate level.