
Dunkin’ Donuts has agreed to pay $650,000 in penalty and settlement costs to resolve the lawsuit over its failure to respond to credential stuffing attacks that compromised customer accounts between 2015 and 2019.
What happened?
In early 2015, Dunkin’, franchisor of Dunkin’ Donuts, was repeatedly alerted by its third-party app developer to unauthorized access to customer accounts that led to the exposure of shopper names, email addresses, 16-digit DD Perks account numbers and PINs. Many of these compromised accounts also held Dunkin’-branded stored value cards (DD cards) that could be used to purchase various baked goods and beverages. In under a week, the breach exposed nearly 20,000 shopper accounts, and criminals stole tens of thousands of dollars from customers’ DD cards.