Lawsuit filed against Dunkin' Donuts over security breaches

By The Associated Press | Updated - Sept. 26, 2019 at 2:49 p.m. | Posted - Sept. 26, 2019 at 11:07 a.m.

 

1 photo
Save Story

Estimated read time: 2-3 minutes

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

NEW YORK (AP) — Dunkin' Donuts failed to notify almost 20,000 customers across the U.S. about cyberattacks on their accounts in 2015 and inadequately warned more than 300,000 customers about another hacking attack in 2018, New York's attorney general said in a lawsuit announced Thursday.

"Dunkin' failed to protect the security of its customers," Attorney General Letitia James said in a statement. "And instead of notifying the tens of thousands impacted by these cybersecurity breaches, Dunkin' sat idly by, putting customers at risk."

According to the lawsuit, filed in state Supreme Court in Manhattan, the company knew in 2015 that a series of attacks had been made on customers' online accounts, with attackers able to steal money customers had stored for use at Dunkin' stores. But it said the company didn't inform the customers or fully investigate.

The suit also accuses Dunkin' of keeping customers in the dark about the full extent of 2018 cyberattacks, by only intimating attempts had been made to access accounts but not that accounts had been breached.

Dunkin' Brands Inc. strongly pushed back against James' contentions.

"There is absolutely no basis for these claims by the New York Attorney General's Office. For more than two years, we have fully cooperated with the AG's investigation into this matter, and we are shocked and disappointed that they chose to move ahead with this lawsuit given the lack of merit to their case," Dunkin' chief communications officer Karen Raskopf said in an emailed statement.

She said that during the 2015 incident, an investigation showed no customer account had been wrongfully accessed and there was no reason to inform customers.

New York has a law requiring business to notify customers about certain types of cybersecurity breaches. More than 2,000 of the customers affected by the 2015 breach were in New York.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Photos

Most recent Business stories

Related topics

Business
The Associated Press

    STAY IN THE KNOW

    Get informative articles and interesting stories delivered to your inbox weekly. Subscribe to the KSL.com Trending 5.
    By subscribing, you acknowledge and agree to KSL.com's Terms of Use and Privacy Policy.
    Newsletter Signup

    KSL Weather Forecast

    KSL Weather Forecast
    Play button
    Mobile Apps | Newsletter | Advertise | Contact Us | Careers with KSL.com | Product Updates
    Terms of use | Privacy Statement | DMCA Notice | Manage My Cookies | EEO Public File Report | KSL-TV FCC Public File | KSL FM Radio FCC Public File | KSL AM Radio FCC Public File | Closed Captioning Assistance
    © 2026 KSL.com | KSL Broadcasting Salt Lake City UT | Site hosted & managed by Deseret Digital Media - a Deseret Media Company