Dunkin’ Donuts parent settles New York claims over cyberattacks

FILE PHOTO: The sign of a Dunkin' store, the first since a rebranding by the Dunkin' Donuts chain, is pictured ahead of its opening in Pasadena, California, U.S., August 2, 2017. (REUTERS/Mario Anzuoni/File Photo)


The parent of Dunkin’ Donuts on Tuesday reached a settlement with New York Attorney General Letitia James to resolve claims it failed to respond to “brute force” cyberattacks that compromised the online accounts of tens of thousands of customers.

James said the settlement requires Dunkin’ Brands Group Inc to notify affected customers and reset their passwords, provide refunds for unauthorized use of customers’ stored value cards, and improve safeguards against future attacks. It must also pay $650,000 in penalties and costs.

“It’s time to make amends and finally fill the holes in Dunkin’s’ cybersecurity,” James said in a statement.

Dunkin’ did not admit or deny liability in agreeing to settle. It did not immediately respond to a request for comment.

More from around NYC