Dunkin' Donuts Will Pay Over Half a Million Dollar Fine After Data Breach Lawsuit
Dunkin’ Donuts has agreed to pay $650,000 in penalties and costs to settle the lawsuit over its failure to respond to credential stuffing attacks that compromised customer accounts between 2015 and 2019.
In early 2015, Dunkin’, franchisor of Dunkin’ Donuts, was repeatedly alerted by its third-party app developer to unauthorized access to customer accounts that led to the exposure of shopper names, email addresses, 16-digit DD Perks account numbers and PINs. Many of these compromised accounts also held Dunkin’-branded stored value cards (DD cards) that could be used to purchase various baked goods and beverages. In under a week, the breach exposed nearly 20,000 shopper accounts, and criminals stole tens of thousands of dollars from customers’ DD cards.
According to the New York Attorney General’s Office, Dunkin’, franchisor of Dunkin’ Donuts, “failed to notify these customers of unauthorized access to their accounts, reset their account passwords to prevent further unauthorized access or freeze their DD cards.”
The company suffered similar attacks in 2018. “In November 2018 or February 2019, Dunkin’s security vendor had identified usernames and passwords, including yours, that were likely obtained through other companies’ security breaches (not through any compromise of Dunkin’s own internal systems) and were made available on the Internet,” reads a supplemental notice of data breach filed with the Attorney General’s Office. “Malicious actors used those usernames and passwords to obtain DD Perks account information, including stored value card numbers and PINs.”
On top of the $650,000 in penalties and costs to be paid to the State of New York, Dunkin’ must notify all impacted customers, reset account passwords, and provide refunds for unauthorized use of shopper DD cards. Additionally, the company must upgrade its security protocols to avoid future unauthorized access and follow data breach notification procedures in any future incidents.