Dunkin' Donuts parent settles New York cyberattack lawsuit, is fined

Reuters September 16, 2020 00:05:41 IST

By Jonathan Stempel

NEW YORK (Reuters) - The parent of Dunkin' Donuts on Tuesday agreed to upgrade its security protocols and pay $650,000 in fines and costs to settle a lawsuit by New York's attorney general claiming it ignored cyberattacks that compromised the online accounts of tens of thousands of customers.

Attorney General Letitia James said Dunkin' Brands Group Inc will notify customers affected by the attacks between 2015 and 2018, reset their passwords, and provide refunds for unauthorized use of their Dunkin'-branded stored value cards.

The settlement resolves a civil lawsuit filed last Sept. 26 in a New York state court in Manhattan, and requires a judge's approval.

Dunkin' did not admit or deny wrongdoing.

The case arose after hackers began in early 2015 using previously stolen user names and passwords to conduct automated "brute force" and "credential stuffing" attacks, and steal tens of thousands of dollars from accounts created through Dunkin's website or free mobile app.

James said the Canton, Massachusetts-based company did nothing for years to address the compromised accounts despite repeated alerts from its own app developer, including when it identified 19,715 customers targeted over a five-day period.

The attorney general also said Dunkin' failed to adopt safeguards against future attacks despite reports of continuing fraud. She said that came to roost in late 2018, when more than 300,000 customer accounts were accessed in new attacks.

"For years, Dunkin' hid the truth and failed to protect the security of its customers, who were left paying the bill," James said. "It's time to make amends and finally fill the holes in Dunkin's cybersecurity."

In a separate statement, Dunkin' said the cyberattacks potentially affected less than 1% of its Perks Loyalty members, and the hackers had no access to credit card information.

"We have taken steps to make sure that any stored value cards associated with [digital customers'] accounts are protected and secure," it added.

(Reporting by Jonathan Stempel in New York; Editing by Tom Brown)

This story has not been edited by Firstpost staff and is generated by auto-feed.
