State of New York vs. Dunkin Donuts: A Cybersecurity Drama

New York Attorney General is suing Dunkin Donuts, claiming the breakfast brand did nothing to protect customer data which was hacked in 2015.

CI Staff Leave a Comment
State of New York vs. Dunkin Donuts: A Cybersecurity Drama

If you’re not in the Northeast, you might not understand… though, hopefully, data security means something to you, no matter where you are from: the parent company of Dunkin’ Donuts was recently sued by New York Attorney General Letitia James, who accuses the breakfast chain of failing to protect thousands of customers whose accounts were the target of what a Reuters report called “brute force” cyberattacks.

The Attorney General for New York says the company didn’t do anything in 2015 to protect the data of 19,715 customers who were the victims of a five-day attack.

According to James’ claim, Dunkin did nothing, despite having been told by its own app developer that there was a problem. She said Dunkin’ didn’t notify the customers, freeze their company loyalty cards, or reset any passwords.

But James also claimed Dunkin’ didn’t adopt the right procedures to prevent any further attacks, even though there were more reports of fraud on customer accounts.

In 2018, over 300,000 customer accounts were compromised in different attacks, and James said this was the result of negligence.

“Dunkin’ failed to protect the security of its customers,” James said in a statement. “Dunkin’ sat idly by, putting customers at risk.”

The company did not immediately respond to a request for comment to Reuters’ report.

Read Next: If the U.S. Government is Hesitant About 5G Network Security, Should Integrators Be Nervous, Too?

While this probably won’t stop many loyal Northeasterners from getting their joe from Dunkin’, it should make integrators think twice about this lawsuit as an opportunity. Perhaps Dunkin’ would have been better off if they had a technology partner willing to sell managed services which include security checks and data.