New York Attorney General Announces Data Breach Settlement with Dunkin’ Donuts

    On September 22, 2020, New York state Attorney General Letitia James announced a settlement with Dunkin’ Donuts wherein the coffee and doughnut company will pay $650,000 in penalties and costs after failing to respond to credential stuffing attacks between 2015 and 2018.

    The settlement requires Dunkin’ to reset passwords and restore funds on stored value cards that had been compromised by attackers who used “usernames and passwords stolen through security breaches of other unrelated websites or online services” to access customer accounts.

    Read more at the NY Office of the Attorney General

    View a related article: NY State Sues Dunkin’ Donuts in the Wake of Two Data Breaches

    Need a Data Privacy, Protection, and Security expert?

    If you are in need of an expert with experience in data privacy and data security disputes, we invite you to consider DisputeSoft.