Report: Dunkin’ Brands faces suit over response to breach

An alleged failure by Dunkin’ Brands to promptly report a 2015 cyberattack may prove costly.

According to CNBC, the New York state attorney general is suing the fast-casual giant in relation to a series of data breaches that occurred in early 2015. Hackers were able to gain unauthorized access to funds from about 20,000 Dunkin’ stored value cards which customers had purchased online or via app. The cybercriminals were then able to use the cards to make purchases or illegally sell them, resulting in the loss of tens of thousands of dollars.

However, the attorney general’s suit accuses Dunkin’ of having known about the intrusion as early as May 2015, but not notifying customers or taking any corrective action, such as freezing funds or telling card owners to change their account passwords. The suit also alleges that in 2018, a vendor told Dunkin’ that it was able to gain access to more than 300,000 stored value card accounts, but the retailer only told affected customers there had been a failed attempt to hack into their accounts.

“Dunkin’ failed to protect the security of its customers,” New York Attorney General Letitia James said in a statement. “And instead of notifying the tens of thousands impacted by these cybersecurity breaches, Dunkin’ sat idly by, putting customers at risk. My office is committed to protecting consumer data and holding businesses accountable for implementing safe security practices.”
 
Dunkin’ did not provide a comment to CNBC. Read the full article here.