The Dave & Buster's food and entertainment chain got publicly spanked by the Federal Trade Commission after being accused of leaving more than 130,000 of its customers' credit and debit card information left vulnerable to hackers -- causing hundreds of thousands of dollars of unauthorized and disputed charges.
In a complaint against Dave & Buster's, the FTC said the company's servers were accessed over a four-month period in 2007, when the hackers installed software that allowed them to intercept purchase information. The FTC alleged that the chain "failed to take reasonable steps to secure this sensitive personal information on its computer network."
To settle the charges, Dave & Buster's has agreed to maintain a comprehensive data security plan to prevent future breeches, the FTC said.
The company had been collecting customer's credit card information and expiration dates in order to obtain authorization when someone bought food or anything else, however the information was left on an unsecured network. Under the agreement with the FTC, Dave & Busters must have independent professional audits every other year for the next decade to ensure the security program is at an appropriate level.
Dave & Buster's, FTC settle on protecting customers' credit cards