On October 1, 2019, the New York State Attorney General’s Office filed a lawsuit against Dunkin’ Donuts over the company’s cybersecurity practices, in the wake of two security breaches.
According to the lawsuit, Dunkin’ allegedly violated New York’s consumer protection laws by failing to notify nearly 20,000 customers of a cyberattack in 2015, and failing to fully inform over 300,000 customers of another data breach in 2018.