- Dunkin Donuts has agreed to pay $650,000 as penalty settlement costs for the lawsuit over its failure to respond to credential stuffing attacks that compromised customer accounts between 2015 and 2019.
- According to the New York Attorney General’s Office, Dunkin’ franchisor of Dunkin’ Donuts, “failed to notify these customers of unauthorized access to their accounts, reset their account passwords to prevent further unauthorized access or freeze their DD cards.”
- The company must upgrade its security protocols to avoid future unauthorized access and follow data breach notification procedures in any future incidents.
– Alina Bizga | September 22, 2020
