Security Experts:

Boston Restaurant Group Confirms Credit Card Data Theft

The Briar Group has come forward with confirmation that customers at its eight Boston-area restaurants may have had their credit card data stolen.

Details on the security breach are limited but the company said the theft of credit card data "may have occurred from sometime in October 2013 to early November 2013."

The Briar Group's confirmation follows buzz that a number of residents and visitors to Boston in the middle of November suffered from credit card data theft.

"As soon as the Briar Group became aware that our restaurants – and therefore our customers – may have been a target of this crime, we undertook an immediate investigation into this issue. Today we are reporting that the Briar Group's systems were indeed infiltrated. The investigation remains active and ongoing," the company said in a statement.

The Briar Group owns and operates eight restaurants in Boston --Anthem, City Bar, City Table, MJ O'Connor's, Ned Devine's, Solas, The Green Briar and The Harp.

From the company's statement:

  • Based on the initial results of our investigation, we believe the unauthorized access to card data at our restaurants may have occurred from sometime in October 2013 to early November 2013. We are still working to determine the exact dates and will update this website when we learn more.
  • Even if you visited one of Briar Group's restaurants during this period, your credit card data may not have been stolen or used.
  • However, we urge all of our customers during this period to monitor your credit card statements carefully for fraudulent charges. You should not be responsible for any unauthorized charges on your card; you can contact your card issuer for more information.
  • We want to assure you that the Briar Group takes the security of the personal information and bank data of all of our customers seriously. For the past several years, we have been working with data service and security professionals McGladrey to assure that we meet or exceed industry standards in terms of data security. All of our systems are PCI compliant and updated regularly.

The company said it has worked with security experts to lock down its systems to determine if its payment system was hacked. However, it did not provide any details about the breach and whether malware was used to pilfer the data. 

"We have been working closely with law enforcement officials and are providing them with all available information to support their effort to identify the criminals who undertook this act," The Briar Group said. 

Related Reading: PCI DSS 3.0 - The Impact on Your Security Operations

view counter
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a veteran cybersecurity strategist who has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's past career as a security journalist included bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Ryan is a director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.