Unassociated Document
Washington, D.C.  20549


Current Report Pursuant to Section 13 or 15(d) of
the Securities Exchange Act of 1934

Date of Report (Date of earliest event reported): March 25, 2010

(Exact name of registrant as specified in its charter)

(State of
(Commission File
(IRS Employer
Identification Number)

2481 Manana Drive
Dallas TX 75220
(Address of principal executive offices)

Registrant’s telephone number, including area code:    (214) 357-9588

Check the appropriate box if the Form 8-K filing is intended to simultaneously satisfy the reporting obligation of the registrant under any of the following provisions:

o Written communications pursuant to Rule 425 under the Securities Act
o     Soliciting material pursuant to Rule 14a-12 of the Exchange Act
o     Pre-commencement communications pursuant to Rule 14d-2(b) Exchange Act
o     Pre-commencement communications pursuant to Rule 13e-4(c) Exchange Act

Item 8.01    Other Events

Between May 18, 2007, and August 28, 2007, Dave & Buster’s, Inc. (the “Registrant”) was the victim of a sophisticated criminal attack upon its computer system.  As a result of this attack, approximately 130,000 payment cards used at eleven of the Registrant’s store locations were compromised.  Two individuals have pled guilty to their involvement in the criminal attack and an additional person, currently incarcerated in Turkey on unrelated charges, has also been indicted.  All three people indicted in the attack on the Registrant have also been indicted for their involvement in attacks on other companies.

By letter dated April 14, 2008, the Registrant was notified by the Federal Trade Commission (“FTC”) that the FTC was conducting a non-public inquiry into the Registrant’s information security practices.  The inquiry focused on the security of personal information, including payment card data, at the Registrant’s places of business.  Since the time of this initial inquiry, the Registrant has worked closely with the FTC in connection with its investigation.  The Registrant has reached an agreement with the FTC on the terms and provisions of a Complaint and Agreement Containing Consent Order (the “Order”) that concludes and settles the investigation.  The terms of the Order provide that Registrant failed to provide reasonable and appropriate security for personal information on its computer networks.  Specifically, Registrant failed to (a) employ sufficient measures to detect and prevent unauthorized access to computer networks, (b) adequately restrict third-party access to its networks, (c) monitor and filter outbound traffic from its networks (to identify and block the unauthorized export of sensitive personal information), (d) limit access between in-store networks, and (e) limit access to its computer networks through wireless access points.

Under its settlement with the FTC, Registrant is required to establish, implement, and maintain a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.  This information security program will contain administrative, technical, and physical safeguards designed to (a) identify material internal and external risks to the security, confidentiality, and integrity of personal information that could result in the unauthorized disclosure, misuse, loss, alteration, destruction, or other compromise of such information, (b) control the identified risks, and (c) ensure that Registrant’s third-party service providers are capable of appropriately safeguarding personal information they receive from Registrant.  As part of the development of the information security program, for a ten-year period, Registrant must obtain initial and biennial assessments and reports from an independent auditor that set out the safeguards implemented and maintained by Registrant, and explain how such safeguards meet or exceed the protections required by the terms of the Order.  The Order shall be binding upon the Registrant for twenty years.

The FTC voted to approve the Order on March 25, 2010 and will publish an announcement regarding the Order in the Federal Register.  The Order will be subject to public comment until April 26, 2010, after which the FTC will decide whether to make it final.  The Order does not require the Company to pay any fines or other monetary assessments and the Registrant does not believe that the terms of the Order will have a material adverse effect on its business, operations, or financial performance.


Pursuant to the requirements of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
Date: March 26, 2010    
/s/ Jay L. Tobin  
Senior Vice President, General Counsel
and Secretary