A Boston-area restaurant company was fined $110,000 for failing to patch a security hole that resulted in the electronic theft of credit card information from tens of thousands of customers. It is the first penalty levied under the state’s new data privacy act.