NEW YORK (WWTI) — The New York Attorney General has announced a resolution to a lawsuit with the franchisor of Dunkin’ Donuts.
New York Attorney General Letitia James confirmed on September 15 that a settlement has been reached with Dunkin’ Brands, Inc., following cyberattacks. The attacks lead to many customers compromised online accounts.
According Attorney General James, the attacks date back to 2015. James stated that online Dunkin’ customer accounts were targeted in a series of attacks.The attackers repeatedly attempted to gain access to customer online accounts using stolen usernames and passwords. Additionally “DD cards” were compromised with led to tens of thousands of stolen dollars off these cards.
James confirmed that the resolved lawsuit was filed following Dunkin’s failure to respond or conduct and investigation.
“For years, Dunkin’ hid the truth and failed to protect the security of its customers, who were left paying the bill,” said Attorney General James. “It’s time to make amends and finally fill the holes in Dunkin’s’ cybersecurity. Not only will customers be reimbursed for lost funds, but we are ensuring the company’s dangerous brew of lax security and negligence comes to an end.”
The settlement announced on September 15 will require Dunkin’ to notify customers impacted, reset their passwords and supply refunds. Additionally, Dunkin’ will be required to maintain safeguards to prevent future attacks and pay $650,000 for any penalty to this agreement.
This case was handled by Assistant Attorneys General Johanna Skrzypczyk and Ezra Sternstein, Senior Enforcement Counsel Jordan Adler, Volunteer Assistant Attorney General Nathaniel Kosslyn, Legal Assistant Richard Borgia, Internet Technology Analyst Joe Graham, Deputy Bureau Chief Clark Russell, and Bureau Chief Kim Berger, with assistance from Director Jonathan Werberg of the Research and Analytics Department.