There were no fun and games for Dave & Buster’s Thursday as it agreed to settle with the Federal Trade Commission (FTC) over a 2008 data breach. The FTC had charged the restaurant and entertainment chain with lax security that allowed hackers to access roughly 130,000 customers’ credit card numbers. Swindlers succeeded in illegally charging hundreds of thousands of dollars to the hijacked accounts.

As part of the settlement, Dave & Buster’s must create a program aimed at protecting customer privacy and preventing another data breach. Every other year for the next decade, Dave & Buster’s must undergo an audit to ensure it’s meeting the terms of the settlement.

For more, read the Dallas Morning News story.