New York Sues Dunkin’ Donuts Over Hack Affecting Thousands of People

Dunkin’ Donuts is facing a lawsuit from the New York attorney general over its failure to disclose a data breach affecting nearly 20,000 people. The hack affected thousands of people signed up for the company’s “DD Perks” loyalty program. From a report: The lawsuit alleges that Dunkin’ Donuts failed to protect its customers, and knew about the cyberattacks for years before warning the public. In Dunkin’ Brand’s public notification from last November, it said that it learned about the hack on October 31, 2018, and warned its customers a month later. New York attorney general Letitia James said the company knew it was suffering cyberattacks as early as 2015, and violated the state’s data breach notification law. “Dunkin’ failed to protect the security of its customers,” James said in a statement. “And instead of notifying the tens of thousands impacted by these cybersecurity breaches, Dunkin’ sat idly by, putting customers at risk.”