This is an archived article and the information in the story may be outdated. Please check the time stamp on the story to see when it was updated last.
If you go to Dunkin’ Donuts on a regular basis, you might want to make sure all of your DD account is secure.
A recent lawsuit against the coffee and donut chain revealed that Dunkin’ failed to keep their customer information safe in a cyberattack–or even notify customers of the situation.
Keep reading for all the details!
According to the suit, the chain did not notify its customers when hackers gains access to their DD accounts, downloaded their information, and sold it. Although the coffee chain did not admit or deny the accusations against them.
The attorney general's office explained, "Dunkin’ failed to take any steps to protect these nearly 20,000 customers — or the potentially thousands more they did not know about — by notifying them of unauthorized access, resetting their account passwords to prevent further unauthorized access, or freezing their DD cards."
Dunkin' settled the case earlier this month.
According to Reuters, "The parent of Dunkin’ Donuts on Tuesday agreed to upgrade its security protocols and pay $650,000 in fines and costs to settle a lawsuit by New York’s attorney general claiming it ignored cyberattacks that compromised the online accounts of tens of thousands of customers."
Reuters continues, explaining that according to with the settlement, Dunkin' will need to "notify customers affected by the attacks between 2015 and 2018, reset their passwords, and provide refunds for unauthorized use of their Dunkin’-branded stored value card."
Dunkin' made a statement to The Register, explaining that they had already enhanced security protocols before the suit: "Long before the New York Attorney General filed suit in this matter, Dunkin’ had voluntarily implemented or enhanced the security measures identified in today’s settlement."
"We did so not because we were required to by any regulatory or enforcement authority, but because we are committed to protecting our customers’ data. We are continually updating and enhancing our security measures to address ever-evolving cyber security threats, and we use robust information security and data safeguards," the statement continued.
