NEW YORK (Reuters) – The parent of Dunkin’ Donuts on Tuesday reached a settlement with New York Attorney General Letitia James to resolve claims it failed to respond to “brute force” cyberattacks that compromised the online accounts of tens of thousands of customers.
James said the settlement requires Dunkin’ Brands Group Inc to notify affected customers and reset their passwords, provide refunds for unauthorized use of customers’ stored value cards, and improve safeguards against future attacks. It must also pay $650,000 in penalties and costs.
“It’s time to make amends and finally fill the holes in Dunkin’s’ cybersecurity,” James said in a statement.
Dunkin’ did not admit or deny liability in agreeing to settle. It did not immediately respond to a request for comment.
(Reporting by Jonathan Stempel in New York; Editing by Tom Brown)