On September 15, 2020, Fox Business reported the conclusion of a lawsuit against Dunkin’ Donuts regarding data security breaches. According to reports, the famous donut company failed to protect the information of consumers registered in its online database.

According to news reports, the company must not only reimburse all of its affected consumers but is also obliged to pay a fine of a whopping $650,000. Since 2015, there have been reports of cyberattacks on several Dunkin’ customers. Reports show that cybercriminals were able to steal thousands of dollars from the customers through unauthorized use of their Dunkin’ Donuts value cards.

Attorney General Letitia James said that the company failed to respond to reported cyberattacks on its database. Even its developer notified the company, but no action was taken, said the reports. The company failed to implement the precautions necessary to prevent subsequent attacks, which resulted in the attacks continuing for about 5 years. The Attorney General also announced that Dunkin’ Donuts will undergo a massive cybersecurity overhaul to meet security standards and prevent this from happening again.

A Lesson to be Learned

Based on the reports, Dunkin’s case is a case of gross negligence. It could have been prevented if the company had responded to the initial attacks, revamped its cyber defenses, and coordinated with its affected customers. The attack did not only cost Dunkin’ Donuts $650,000 plus the reimbursement to affected customers. It also cost the company valuable consumer trust, a drop in its stock price, bad publicity, and a drop in morale. It cost them more than they could have imagined.

There are two things that we can learn from what happened. The first is that cybercriminals will attack whatever and whenever they can. Who would have thought that a simple donut store would be subject to thousands, even millions, of dollars’ worth of cyberattacks? The second lesson is that ignorance and negligence are expensive, not just financially but also socially. I think, apart from the fine, the damage it caused to the company’s morale is more expensive.

This proves that every company is vulnerable in every way, but ignorance is like inviting attackers to attack you. May this serve as a lesson for us all. Never ignore cyberattacks. Always pay attention to your security. Seek professional and expert help.

According to reports, credential stuffing is one of the methods used to attack Dunkin’ Donuts. The company could have prevented hackers from using bots to spam its websites with stolen credentials if it had paid enough attention to the problem.

If you would like to know more about Data Security & Vulnerability Services, feel free to contact us at +1 (213) 257-1044 for a free consultation.