The lawsuit was filed by James in Cantona-based Dunkin after hackers hacked customers' online accounts with a series of attacks "Credential stuffing" or recurring, automated attacks to gain access to accounts using stolen usernames and passwords. THE infringement took place between 2015 and 2018.
According to James, the attack endangered thousands of customers' DD Perks cards, which were used by malicious agents to make purchases. The result was the theft of thousands of dollars from DD Perks cards.
Dunkin agreed to notify customers affected by the attacks, to restore them passwords and provide refunds for unauthorized use of their cards. The company will also pay a $ 650.000 fine.
"For years, Dunkin hid the truth and failed to protect it safety of her customers, who ended up paying the bill, "said James.
However, according to Dunkin, the incident affected "less than 1%" of members of DD Perks, a Dunkin rewards program.
The company also said it had taken appropriate security measures "long before" the lawsuit was filed.
The company said it had notified and reset the passwords for the "vast majority" of its New York-affected customers affected by the breach.
The company also stressed that invaders did not have access to credit card information.
"Dunkin digital customers can also be assured that we have taken steps to ensure that all stored cards associated with Dunkin accounts are secure and protected."
James accused Dunkin of failing to conduct the proper investigation after being "repeatedly warned" that access to customer accounts was inappropriate. It also said Dunkin failed to alert customers to unauthorized access to their accounts, reset passwords or freeze cards.