Cyber Breach

State Attorney General brought action against owner of multiple restaurants under Deceptive Consumer Sales Act and Disclosure of Security Breach Act alleging violation for failure to comply with the Payment Card Industry Data Security Standards. A third party complaint was filed against vendor, alleging that cyber-attack was made on point of sale software through third-party defendant’s controlled access point. Third party defendant maintained that under the applicable service contract, liability was disclaimed and/or limited by the yearly fee paid.