Serviceteam IT Security News

New York is suing Dunkin’ for allegedly failing to inform its customers of multiple cyber-attacks that compromised customer accounts.

According to the lawsuit, filed in state Supreme Court in Manhattan, money was stolen by cyber-criminals, who hacked into the online accounts of 20,000 Dunkin’ customers in 2015. New York further alleges that Dunkin’ didn’t disclose to its customers full details of a cyber-attack that affected 300,000 customer accounts in 2018.

The lawsuit states: “In 2015, Dunkin’s customer accounts were targeted in a series of online attacks. During this period, attackers made millions of automated attempts to access customer accounts. Tens of thousands of customer accounts were compromised. Tens of thousands of dollars on customers’ stored value cards were stolen.”

During the summer of 2015, Dunkin’s app developer repeatedly alerted Dunkin’ to ongoing attempts by hackers to log in to customer accounts and provided the company with a list of 19,715 accounts that had been compromised over just a sample five-day period, but the donut-seller failed to tell customers, according to the lawsuit.   

Dunkin’ chief communications officer Karen Raskopf told Infosecurity Magazine that there was no credence to the claims being made in the lawsuit.

In an emailed statement to Infosecurity Magazine, Raskopf said: “There is absolutely no basis for these claims by the New York Attorney General’s Office. For more than two years, we have fully cooperated with the AG’s investigation into this matter, and we are shocked and disappointed that they chose to move ahead with this lawsuit given the lack of merit to their case. 

“The investigation centered on a credential stuffing incident that occurred in 2015, in which third parties unsuccessfully tried to access approximately 20,000 Dunkin’ app accounts. The database in question did not contain any customer payment card information. 

“The incident was brought to our attention by our then-firewall vendor, and we immediately conducted a thorough investigation. This investigation showed that no customer’s account was wrongfully accessed, and, therefore, there was no reason to notify our customers.”  

Dunkin’ Brands, Inc. has 8,000 Dunkin’ restaurants across America, a thousand of which are in New York.  

“We take the security of our customers’ data seriously and have robust data protection safeguards in place. We look forward to proving our case in court,” said Raskopf.

Source: Infosecurity Magazine
