On September 22, 2020, New York state Attorney General Letitia James announced a settlement with Dunkin’ Donuts wherein the coffee and doughnut company will pay $650,000 in penalties and costs after failing to respond to credential stuffing attacks between 2015 and 2018.
The settlement requires Dunkin’ to reset passwords and restore funds on stored value cards that had been compromised by attackers who used “usernames and passwords stolen through security breaches of other unrelated websites or online services” to access customer accounts.
Read more at the NY Office of the Attorney General
View a related article: NY State Sues Dunkin’ Donuts in the Wake of Two Data Breaches