Security News > 2020 > September > Dunkin' Donuts drops some dough to glaze over lawsuit accusing it of covering up customer account hacks

Dunkin' Donuts drops some dough to glaze over lawsuit accusing it of covering up customer account hacks
2020-09-15 21:33

Dunkin' Donuts today settled a lawsuit in which it was accused of hushing up the fact hackers siphoned its customers' personal information from its systems in 2015.

"Long before the New York Attorney General filed suit in this matter, Dunkin' had voluntarily implemented or enhanced the security measures identified in today's settlement," Dunkin' said in a statement to The Register.

The case goes back five years, when hackers used credential-stuffing to break into customer accounts.

"The app developer even provided Dunkin' with a list of nearly 20,000 accounts that had been compromised by attackers over just a sample five-day period."

"Yet, Dunkin' failed to conduct an investigation into the attacks to identify other customer accounts that had been compromised, determine what customer information had been acquired, or whether customer funds had been stolen."


News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/15/dunkin_donuts_cooks_up_deal/