On March 28, 2011, the Massachusetts AG entered into a settlement with the owner and operator of a number of bars and restaurants with respect to a security breach and related data security failings. According to the Massachusetts AG’s complaint, the restaurant chain experienced a data breach in April 2009 in which malware on its computer systems allowed hackers to access customer payment card information. In addition, the AG’s complaint alleged, among other things, that the restaurant chain did not follow a number of basic computer security precautions, including, for example, failing to change the default usernames and passwords on its computer system and permitting employees to share common usernames and passwords. The settlement required the restaurant chain, among other things, to pay $110,000 in civil penalties, as well as to comply with the Massachusetts data security regulations. In making this announcement, the Massachusetts AG acknowledged that the breach at issue occurred prior to the date that compliance with the Massachusetts data security regulations was required (March 1, 2010), but “the data security standards set forth in the regulations were used in the settlement.”