A Dunkin' Donuts coffee and donut are seen lying on a table. PHOTO: REUTERS
James said Dunkin’ Brands Group Inc did nothing in 2015 to protect 19,715 customers whose accounts had been targeted in a single five-day period, after learning about the problem from its own app developer.
She said the Canton, Massachusetts-based company failed to notify affected customers of the breaches, reset their passwords or freeze their Dunkin’ Donuts cards.
400 million Facebook users' phone numbers exposed in privacy lapse
James also said Dunkin’ failed to adopt appropriate safeguards to limit future attacks, despite customer reports of continuing fraud on their accounts.
That failure came to roost in late 2018 when more than 300,000 customer accounts were accessed in new attacks, James said in the lawsuit, which concerns accounts created through Dunkin’s website or free mobile app.
“Dunkin’ failed to protect the security of its customers,” James said in a statement. “Dunkin’ sat idly by, putting customers at risk.”
The company did not immediately respond to a request for comment.
Facebook launches tool to let users control data flow
James’ lawsuit filed in a New York state court in Manhattan seeks civil fines, restitution and other remedies for alleged violations of state consumer protection and business laws.
“Dunkin’s representation to consumers that it used reasonable safeguards to protect consumers’ personal information, and the company’s statements concerning the 2018 breach, were false and misleading,” the complaint said.
1732347751-0/Express-Tribune-(1)1732347751-0-270x192.webp "hyundai recalls over 145 000 electric vehicles in us")
1732264554-0/Copy-of-Untitled-(68)1732264554-0-270x192.webp "paypal global outage technical issue resolved")
COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ