FILE PHOTO: The logo of Dunkin’ Donuts, it is to be seen in the city of Tbilisi, Georgia, on July 13, 2016. REUTERS/David Mdzinarishvili/File Photo
NEW YORK (Reuters) – The parent of Dunkin’ Donuts was sued on Thursday by the New York state Attorney General Letitia James, who has accused the chain of failing to protect hundreds of thousands of customers whose accounts were targeted in a series of “brute force” of cyber-attacks.
James said, Dunkin’ Brands Group Inc. didn’t do anything in 2015, it is to protect 19,715 customers whose accounts were targeted, on a five-day period, and after learning about the problem from their own app developers.
She said the Canton, Massachusetts-based company did not report it to the relevant customers of the breaches, and their passwords are reset to the freezing of their Dunkin’ Donuts cards.
James also said Dunkin’ is not the appropriate safeguards to limit future attacks, in spite of the client’s reports of a continuity of fraud on their accounts.
The error was on the pole at the end of 2018 when there are more than 300,000 customer accounts, has been opened in a new attack, James said in the lawsuit, which is related to accounts that have been created by the Dunkin ‘ website, or get the free mobile app.
“Dunkin’ had failed to protect the safety of our customers,” James said in a statement. “Dunkin’ sitting idly by, allowing customers to be in danger.”
The company did not immediately respond to a request for comment.
James’ lawsuit, filed in a New York state court in Manhattan, civil penalties, restitution and other remedies for alleged violations of state consumer protection regulations and legislation.
“Dunkin, the representative of the consumer and the reasonable precautions in order to protect consumers’ personal information, the company information on the 2018 and infringement were false and misleading,” the complaint said.
Reporting by Jonathan Stempel in New York; Editing by Lisa Shumaker