Beginning in early 2015, hackers accessed money stored on Dunkin’ value cards of nearly 20,000 customers who created accounts through Dunkin’s website and mobile apps. An attacker that gained access could use the card to make purchases or sell the cards online. In a matter of months, tens of thousands of dollars were stolen, the attorney general said.
The lawsuit alleges that employees at Dunkin’ were aware of the attacks through customer reports by May 2015, and a third-party app developer provided Dunkin’ with a list of 19,715 accounts that were hacked. However, Dunkin’ did not notify the customers of the attack and did not take steps to protect the accounts such as freezing the money in the accounts or resetting account passwords, the attorney general’s office said in a press release.
Join Us On LinkedIn
Join the Cybersecurity and Incident Response Group on LinkedIn