Dunkin’ Settles With NY AG for $650,000 on Cyberattack
Dunkin’ Brands will pay $650,000 in fines and refund customers affected by cyberattacks that compromised tens of thousands of accounts, New York Attorney General Letitia James (D) announced Tuesday. From 2015 to 2018, it was “targeted in a series of…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
'credential stuffing attacks' -- repeated, automated attempts to gain access to accounts using usernames and passwords stolen through security breaches of other unrelated websites or online services,” James said. Tens of thousands of dollars were stolen from customer loyalty cards, she said: “For years, Dunkin’ hid the truth and failed to protect the security of its customers, who were left paying the bill.” The company is "continually updating and enhancing our security measures to address ever-evolving cyber security threats," a spokesperson emailed. "We use robust information security and data safeguards," and the breach affected less than 1% of loyalty card members.