The Attorney General also says the company has even failed to adopt safeguards and implement better security to mitigate future breaches.
Dunkin’, more widely known as Dunkin’ Donuts, is being sued by New York Attorney General Letitia James for failing to protect its customers from a brute force cyberattack. The company was hit by a cyberattack back in 2015 in which 19,715 customers had their accounts targeted through the Dunkin’ app.
New York is claiming that the company did nothing when they found out about the breach. They claim Dunkin’ never bothered to notify the customers affected nor did they reset their passwords. It’s also claimed that the company could have but didn’t freeze the customers Dunkin’ cards.
The Attorney General also says the company has even failed to adopt safeguards and implement better security to mitigate future breaches. It is also claimed that customers have reported continued fraud on their accounts since the attacks.
That failure came to roost in late 2018 when more than 300,000 customer accounts were accessed in new attacks, James said in the lawsuit, which concerns accounts created through Dunkin’s website or free mobile app.
“Dunkin’ failed to protect the security of its customers,” James said in a statement. “Dunkin’ sat idly by, putting customers at risk.”
“Dunkin’s representation to consumers that it used reasonable safeguards to protect consumers’ personal information, and the company’s statements concerning the 2018 breach, were false and misleading,” the complaint said.
The company has been working to change its marketing image, first dropping the Donuts off their name and second by adopting new Starbucks like drinks. The company is also revamping many of its stores giving them a facelift. They are also changing their menus and offering fewer donuts and more sandwiches and other food. It’s obvious they are targeting their big competitor, Starbucks, but this lawsuit could put a wrench in things for the company.