Dunkin Donuts, one of the renowned coffee & doughnuts brands of North America, has finally agreed to pay $650,000 as penalty and final settlement costs for the lawsuit that accuses the company for concealing multiple cyber attacks that took place between 2015 and 2018.
Reacting to a lawsuit filed in Manhattan Supreme Court, the New York’s Attorney General Letitia James alleged that Dunkin failed to inform the customers of cyber attacks that took place on its database on multiple occasions. And since the company kept its customers in dark, despite the several warnings issued by the company’s app developer, it was on the verge of facing a billion dollar fine.
However, Dunkin Donuts resolved the issue on an amicable note and has pledged to reimburse all the costs and the penalty accounting to $650,000 by this year’s end. Also, the company stated that it would upgrade all its security protocols as per the latest standards.
Note 1- In the year 2015, hackers launched automated credential stuffing attacks and brute force attacks to steal money from the accounts of Dunkin customers through the company’s app and website. As the company failed to take necessary Cybersecurity measures to prevent the cyber incidents, it was due to face a severe lawsuit where it could be penalized for billions.
Dunkin has also agreed to notify its customers about the cyber attack and will also make digital requests to them to reset their passwords. Also, to those who lost money on their Dunkin Brand Store Cards because of unauthorized transactions, their funds will be refunded by November end of this year.
Note 2– Dunkin’s penalty payment agreement is yet to be officially approved by the court.
