SECURITIES
AND EXCHANGE COMMISSION
Washington,
D.C. 20549
FORM
8-K
Current
Report Pursuant to Section 13 or 15(d) of
the
Securities Exchange Act of 1934
Date of Report (Date of earliest
event reported): March 25, 2010
DAVE
& BUSTER’S, INC.
(Exact
name of registrant as specified in its charter)
|
Missouri
(State
of
incorporation)
|
001-15007
(Commission
File
Number)
|
43-1532756
(IRS
Employer
Identification
Number)
|
2481
Manana Drive
Dallas
TX 75220
(Address
of principal executive offices)
Registrant’s
telephone number, including area code: (214) 357-9588
Check the
appropriate box if the Form 8-K filing is intended to simultaneously satisfy the
reporting obligation of the registrant under any of the following
provisions:
o Written communications pursuant
to Rule 425 under the Securities Act
o Soliciting
material pursuant to Rule 14a-12 of the Exchange Act
o Pre-commencement
communications pursuant to Rule 14d-2(b) Exchange Act
o Pre-commencement
communications pursuant to Rule 13e-4(c) Exchange Act
Item
8.01 Other
Events
Between May 18, 2007, and August 28,
2007, Dave & Buster’s, Inc. (the “Registrant”) was the victim of a
sophisticated criminal attack upon its computer system. As a result
of this attack, approximately 130,000 payment cards used at eleven of the
Registrant’s store locations were compromised. Two individuals have
pled guilty to their involvement in the criminal attack and an additional
person, currently incarcerated in Turkey on unrelated charges, has also been
indicted. All three people indicted in the attack on the Registrant
have also been indicted for their involvement in attacks on other
companies.
By letter dated April 14, 2008, the
Registrant was notified by the Federal Trade Commission (“FTC”) that the FTC was
conducting a non-public inquiry into the Registrant’s information security
practices. The inquiry focused on the security of personal
information, including payment card data, at the Registrant’s places of
business. Since the time of this initial inquiry, the Registrant has
worked closely with the FTC in connection with its investigation. The
Registrant has reached an agreement with the FTC on the terms and provisions of
a Complaint and Agreement Containing Consent Order (the “Order”) that concludes
and settles the investigation. The terms of the Order provide that
Registrant failed to provide reasonable and appropriate security for personal
information on its computer networks. Specifically, Registrant failed
to (a) employ sufficient measures to detect and prevent unauthorized access to
computer networks, (b) adequately restrict third-party access to its networks,
(c) monitor and filter outbound traffic from its networks (to identify and block
the unauthorized export of sensitive personal information), (d) limit access
between in-store networks, and (e) limit access to its computer networks through
wireless access points.
Under its settlement with the FTC,
Registrant is required to establish, implement, and maintain a comprehensive
information security program that is reasonably designed to protect the
security, confidentiality, and integrity of personal information collected from
or about consumers. This information security program will contain
administrative, technical, and physical safeguards designed to (a) identify
material internal and external risks to the security, confidentiality, and
integrity of personal information that could result in the unauthorized
disclosure, misuse, loss, alteration, destruction, or other compromise of such
information, (b) control the identified risks, and (c) ensure that Registrant’s
third-party service providers are capable of appropriately safeguarding personal
information they receive from Registrant. As part of the development
of the information security program, for a ten-year period, Registrant must
obtain initial and biennial assessments and reports from an independent auditor
that set out the safeguards implemented and maintained by Registrant, and
explain how such safeguards meet or exceed the protections required by the terms
of the Order. The Order shall be binding upon the Registrant for
twenty years.
The FTC voted to approve the Order on
March 25, 2010 and will publish an announcement regarding the Order in the
Federal Register. The Order will be subject to public comment until
April 26, 2010, after which the FTC will decide whether to make it
final. The Order does not require the Company to pay any fines or
other monetary assessments and the Registrant does not believe that the terms of
the Order will have a material adverse effect on its business, operations, or
financial performance.
SIGNATURES
Pursuant to the requirements of the
Securities Exchange Act of 1934, the Registrant has duly caused this report to
be signed on its behalf by the undersigned hereunto duly
authorized.
| DAVE & BUSTER’S, INC. | |||
|
Date:
March 26, 2010
|
By:
|
/s/ Jay L. Tobin | |
|
Senior
Vice President, General Counsel
|
|||
|
and
Secretary
|
|||