Entertainment operation Dave & Buster’s, Inc. has agreed to settle Federal Trade Commission charges that the company left consumers’ credit and debit card information vulnerable to hackers, resulting in several hundred thousand dollars in fraudulent charges. Dave & Buster’s operates 53 restaurant and entertainment complexes across the country under the names Dave & Buster’s, Dave & Buster’s Grand Sports Café, and Jillian’s.
Dave & Buster’s will put in place a comprehensive information security program as a condition for settling the case. This is the FTC’s 27th case challenging faulty data security practices by organizations that handle sensitive consumer information.
According to the FTC, Dave & Buster’s collects credit card numbers and expiration dates from customers in order to obtain authorization for payment card purchases. The agency alleges the company failed to take reasonable steps to secure this sensitive personal information on its computer network. Specifically, it failed to:
- Take sufficient measures to detect and prevent unauthorized access to the network.
- Adequately restrict outside access to the network, including access by Dave & Buster’s service providers.
- Monitor and filter outbound data traffic to identify and block the export of sensitive personal information without authorization.
- Use readily available security measures to limit access to its computer networks through wireless access points.
The FTC alleged that, as a result of these failures, a hacker exploited some of those vulnerabilities, installed unauthorized software and accessed about 130,000 credit and debit cards. The banks that issued the cards have claimed several hundred thousand dollars in fraudulent charges.
The settlement requires Dave & Buster’s to establish and maintain a program designed to protect the security, confidentiality, and integrity of personal information collected from customers. It also requires the company to obtain independent, professional audits, every other year for 10 years, to ensure that the security program meets the standards of the settlement. In addition, the proposed settlement contains standard record-keeping provisions to allow the FTC to monitor compliance.
The Commission vote to approve the complaint and proposed consent order was 4-0. An analysis of the proposed consent order will be published in the Federal Register shortly and will be subject to public comment for 30 days, until April 26, 2010, after which the Commission will decide whether to make it final. Interested parties can submit written comments electronically or in paper form by following the instructions in the Invitation To Comment part of the “Supplementary Information” section. Comments in electronic form should be submitted using the following Web link: https://public.commentworks.com/ftc/daveandbusters (and following the instructions on the web-based form). Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-135 (Annex D), 600 Pennsylvania Avenue, N.W., Washington, DC 20580.
![the word regulation in a stylized dictionary [Image by creator from ]](/media/images/Credit_Report_Disputes.max-80x80.png)
![[Image by creator from ]](/media/images/Thumbnail_Background_Packet.max-80x80_af3C2hg.png)
![[Image by creator from ]](/media/images/Finvi_Tech_Trends_Whitepaper.max-80x80.png)
![[Image by creator from ]](/media/images/Collections_Staffing_Full_Cover_Thumbnail.max-80x80.jpg)
![Report cover reads One Conversation Multiple Channels AI-powered Multichannel Outreach from Skit.ai [Image by creator from ]](/media/images/Skit.ai_Landing_Page__Whitepaper_.max-80x80.png)
![[Image by creator from ]](/media/images/paper-collections_triggers_1_1.max-80x80.png){kind=small}
![Report cover reads Bad Debt Rising New ebook Finvi [Image by creator from ]](/media/images/Finvi_Bad_Debt_Rising_WP.max-80x80.png)
![Report cover reads Seizing the Opportunity in Uncertain Times: The Third-Party Collections Industry in 2023 by TransUnion, prepared by datos insights [Image by creator from ]](/media/images/TU_Survey_Report_12-23_Cover.max-80x80.png)
![[Image by creator from ]](/media/images/Skit_Banner_.max-80x80.jpg)
![Webinar graphic reads Legal Hot Topics from insideARM's CRC Legal Advisory Board July 18,24 at 2pm ET [Image by creator from ]](/media/images/Landing_Page_Graphic_3.max-80x80.png){kind=small}
![Webinar graphic reads Help Wanted: Predictive, Collaborative and Intelligent Contact Data April 25 at 3pm et by TransUnion [Image by creator from ]](/media/images/Web_replay_Landing_Page.max-80x80.png){kind=small}
![Webinar graphic reads Multi-Channel AI: Improve Contacts & Increase Revenue Compliantly April 4 at 2pm et [Image by creator from ]](/media/images/Skit.ai_InsideARM_Landing_Page_1200x627.max-80x80.png){kind=small}
![Streamline Your Collections Process with Voice AI [Image by creator from ]](/media/images/Streamline_Your_Collections_Process_with_Voice.max-80x80.png){kind=small}
![How to Connect with Today’s Digital Consumer [Image by creator Editor from insideARM]](/media/images/finvi_webinar_thumbnail.max-80x80.png){kind=small}
![Customizable or Configurable? Webinar [Image by creator Editor from insideARM]](/media/images/Landing_Page_2.max-80x80.png){kind=small}
![How to Launch an Omnichannel Collection Strategy [Image by creator Neustar from insideARM]](/media/images/omnichannel-webinar.max-80x80.png){kind=small}
![Breaking Down the CFPB's Opinion on Convenience Fees [Image by creator Editor from insideARM]](/media/images/2022-11-convieniance-fees-webinar.max-80x80.png){kind=small}