NEW YORK (CBSNewYork) – New York’s Attorney General Letitia James announced Tuesday a settlement has been reached in a lawsuit against Dunkin’ over a 2015 security breach.
The company was accused of failing to notify nearly 20,000 customers that their accounts had been compromised.READ MORE: Broadway Theaters Can Reopen At 100% Capacity On Sept. 14, Gov. Cuomo Says
The lawsuit also claimed Dunkin’ failed to investigate what customer information was taken.
The company has agreed to refund customers, protect against future attacks, and pay $650,000 in penalties.READ MORE: Car Thieves Increasingly Burglarizing Union County Homes For Key Fobs Left In Plain View Near The Door
“For years, Dunkin’ hid the truth and failed to protect the security of its customers, who were left paying the bill,” said James. “It’s time to make amends and finally fill the holes in Dunkin’s’ cybersecurity. Not only will customers be reimbursed for lost funds, but we are ensuring the company’s dangerous brew of lax security and negligence comes to an end.”
Under the terms of the settlement, Dunkin’ is required to:MORE NEWS: Young Fencers Chasing Their Olympic Dreams At New Jersey's Advance Fencing And Fitness Academy
- Customers who had a registered DD card: To the extent it has not already done so, Dunkin’ will reset the password of each New York customer impacted in an attack who had a DD card registered to their account at the time and notify these customers that their accounts were, or may have been, accessed. Dunkin’ will also notify these customers that they are eligible for a refund for any fraudulent activity that resulted from an attack.
- Customers will have 90 days to contact Dunkin’ by calling (800) 447-0013 or by emailing email@example.com to request copies of their account records and report fraudulent activity.
- Customers who did not have a registered DD card: To the extent it has not already done so, Dunkin’ will reset the password of each New York customer impacted in an attack who did not have a DD card registered to their account at the time and inform the customer that their account was, or may have been, accessed.
You can get the latest news, sports and weather on our brand new CBS New York app. Download here.