MONTH-IN-BRIEF (Sep 2020)
Data Privacy
Dunkin’ and NY AG Resolve Breach Claims
By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP
The New York Attorney General and Dunkin’ Brands, Inc., recently reached a settlement to resolve a New York state court complaint that Dunkin’ violated state consumer protection and data breach laws in connection with incidents in 2015 and 2018 that compromised the data relating to thousands of Dunkin’s rewards program members. New York v. Dunkin’ Brands, Inc., No. 451787/2019 (NY Supr. Ct.). Dunkin’ has agreed to maintain a comprehensive security program that includes reasonable measures to protect against brute force attacks. The company also must promptly investigate suspicious events and notify customers when their accounts are logged into by unauthorized third parties, reset their passwords, and refund amounts to rewards cards that were subject to unauthorized use. Dunkin’ also will pay $650,000 in penalties and costs to the state.
