By Joe Taylor Jr., CardRatings contributor
Updated, April 8, 2010
After nearly three years of investigation and prosecution, a case that brought identity thieves' tricks and tools to light has been closed. The Federal Trade Commission announced in late March that it reached a settlement with Dave & Buster's that the restaurant chain had left its point-of-sale network vulnerable to security breaches by hackers.
The terms of the settlement require Dave & Buster's to increase security on their merchant terminals and ordering systems, steps the chain took shortly after learning about the incursion that left 130,000 patrons vulnerable to credit card fraud
. Three men indicted in connection with the crime had already been charged on other fraud and identity theft cases, including the high-profile breach of a customer records database at TJX, the parent company of Marshalls and TJ Maxx.
The trio installed "packet sniffer" devices at Dave & Buster's locations that collected customer information from each restaurant's internal network. At one location, the capture of over 5,000 credit card numbers led to over $600,000 in losses. Although Dave & Buster's representatives declined to comment to major news organizations, sources report
that the company had long since implemented both physical and electronic security measures to deter future attacks.