- Under the New York settlement with Dunkin’ Brands, which is the franchiser of 12,900 Dunkin’ outlets and 8,000 Baskin-Robbins stores worldwide, the company must refund money to about 20,000 New York customers affected by a 2015 data breach and also pay $650,000 in fines.
- The settlement requires Dunkin’ to reset the password on any New York customer cards registered during the affected period and notify customers who are eligible for a refund for any fraudulent activity on their card resulting from the data breach.
- Dunkin’ must also maintain reasonable safeguards to protect against credential stuffing attacks.
– Doug Olenick | September 17, 2020
