Dunkin' Donuts Will Pay Over Half a Million Dollar Fine After Data Breach Lawsuit

Alina BÎZGĂ

September 22, 2020

Dunkin' Donuts has agreed to pay $650,000 in penalties and costs to settle a lawsuit over its failure to respond to credential stuffing attacks that compromised customer accounts between 2015 and 2019.

What happened?

In early 2015, Dunkin’, franchisor of Dunkin’ Donuts, was repeatedly alerted by its third-party app developer to unauthorized access to customer accounts that exposed shopper names, email addresses, 16-digit DD Perks account numbers and PINs. Many of these compromised accounts also held Dunkin’-branded stored value cards (DD cards) that could be used to purchase various baked goods and beverages. In under a week, the breach exposed nearly 20,000 shopper accounts, and criminals stole tens of thousands of dollars from customers’ DD cards.

According to the New York Attorney General’s Office, Dunkin’, franchisor of Dunkin’ Donuts, “failed to notify these customers of unauthorized access to their accounts, reset their account passwords to prevent further unauthorized access or freeze their DD cards.”

The company suffered similar attacks in 2018. “In November 2018 or February 2019, Dunkin’s security vendor had identified usernames and passwords, including yours, that were likely obtained through other companies’ security breaches (not through any compromise of Dunkin’s own internal systems) and were made available on the Internet,” reads a supplemental notice of data breach filed with the Attorney General’s Office. “Malicious actors used those usernames and passwords to obtain DD Perks account information, including stored value card numbers and PINs.”

On top of the $650,000 in penalties and costs to be paid to the State of New York, Dunkin’ must notify all impacted customers, reset account passwords, and provide refunds for unauthorized use of shopper DD cards. Additionally, the company must upgrade its security protocols to avoid future unauthorized access and follow data breach notification procedures in any future incidents.
