Washington Attorney General Bob Ferguson announced Tuesday his office has reached a settlement pursuant to the Consumer Protection Act with Vancouver-based fast food chain Burgerville, regarding a cybersecurity breach that the company suffered in 2017.
The company, which operates restaurants in Oregon and Washington, announced in September 2018 that it had uncovered a large-scale breach in its network. It had been ongoing for about a year and potentially compromised customers’ debit and credit card information.
Under the terms of the agreement, Burgerville will be obligated to pay a combined $250,000 to the states of Washington and Oregon through quarterly payments starting one year after the agreement is approved.
The total amount of the penalty will be reduced by half if the company fully complies with all of the other requirements, which include a number of new cybersecurity practices to be implemented during the first year.