New York Attorney General Letitia James has filed a lawsuit against the popular Dunkin’ Donuts. The AG has accused the company of violating the state’s data breach notification statute.
According to the lawsuit, the company had failed to notify those who were affected by a data breach which happened in 2015. The lawsuit was also served to the company for not notifying the customers accurately about another series of cyberattacks that happened last year.
In 2015, thousands of customer accounts were affected by brute force attacks. During this attack, roughly 20,000 accounts were compromised over a period of five days. The attack apparently carried on for months, so, it is being said that the number could be higher. The cybersecurity incident caused thousands of dollars worth losses to the customers.
The AG said that the company did not take any action even when a third-party app developer working for the company notified it of the breach.
The lawsuit further stated how the customers were kept in the dark on the full extent of the 2018 cyberattacks. The AG has sued the coffee/donut company demanding that the company be penalized and the customers to be compensated for the losses caused.