ALBANY — New York reached a settlement Tuesday with Dunkin’ Brands, Inc. over a lawsuit that accused the company of failing to adequately respond to cyberattacks since 2015 that compromised customers’ online accounts.
The settlement with Dunkin' Donuts' parent company requires it to notify customers impacted by the attacks, reset those customers’ passwords and provide refunds for any unauthorized use of customers’ stored value cards.
The Canton, Mass.-based company will also need to maintain safeguards to protect against similar attacks and pay $650,000 in penalties to New York, Attorney General Leticia James announced.
“For years, Dunkin’ hid the truth and failed to protect the security of its customers, who were left paying the bill,” James said in a statement.
The state Attorney General's Office said the online accounts of Dunkin’ customers were first targeted in early 2015 in a series of “credential stuffing attacks” — which were automated attempts to gain access to accounts using usernames and passwords stolen through security breaches of other unrelated websites.
The cyberattacks, which went on through 2018, led to tens of thousands of customer accounts being compromised within months, mainly Dunkin’-branded stored value cards known as “DD cards” that could be used to make purchases at Dunkin’ stores, the state said.
There was no immediate comment from Dunkin' on the settlement.
Under the terms of the settlement, Dunkin’ will need to:
• Reset the password of each New York customer impacted in an attack who had a "DD card" registered to their account at the time.
• Notify the customers that their accounts were, or may have been, accessed.
• Tell the customers that they are eligible for a refund for any fraudulent activity that resulted from an attack.
Customers will have 90 days to contact Dunkin’ by calling (800) 447-0013 or by emailing email@example.com to request copies of their account records and report fraudulent activity.
Jeremy Boyer can be reached at (315) 282-2231 or firstname.lastname@example.org. Follow him on Twitter @CitizenBoyer
Get Election 2020 & Politics updates in your inbox!
Keep up on the latest in national and local politics as Election 2020 comes into focus.