
New York Sues Dunkin' Donuts Over Hack Affecting Thousands of People (cnet.com) 30

Dunkin' Donuts is facing a lawsuit from the New York attorney general over its failure to disclose a data breach affecting nearly 20,000 people. The hack affected thousands of people signed up for the company's "DD Perks" loyalty program. From a report: The lawsuit alleges that Dunkin' Donuts failed to protect its customers, and knew about the cyberattacks for years before warning the public. In Dunkin' Brand's public notification from last November, it said that it learned about the hack on October 31, 2018, and warned its customers a month later. New York attorney general Letitia James said the company knew it was suffering cyberattacks as early as 2015, and violated the state's data breach notification law. "Dunkin' failed to protect the security of its customers," James said in a statement. "And instead of notifying the tens of thousands impacted by these cybersecurity breaches, Dunkin' sat idly by, putting customers at risk."
  • by Notabadguy ( 961343 ) on Thursday September 26, 2019 @11:20AM (#59239610)

    It's a slam DUNK case. I'm sure it will be paid out in free donuts.

  • Why the fuck are you signing up for these "loyalty programs"? Don't you understand that this "loyalty" is a one-way street to having your privacy violated or worse? I mean, it's Dunkin fucking Donuts for chrissake. Do you really need to give up personal information to buy a cruller and a coffee? Does nothing about that seem slightly askew to you?

    • by pr0t0 ( 216378 )

      You cannot fix stupid. However, you can make the penalties for data breaches (not just disclosure of them) harsh enough that companies no longer find incentive to collect personal data.

      I could argue that companies can gather much useful data from tying items purchased, time of day, total sale, and a bunch of other metrics to an arbitrary bar code that itself is linked to no customer data. But then someone at that company will realize they can tie all of the credit card information to that bar code as well.

    • by twocows ( 1216842 ) on Thursday September 26, 2019 @12:24PM (#59239820)

      Why the fuck are you signing up for these "loyalty programs"?

      Because they offer rewards for buying items I would already buy anyway.

      Don't you understand that this "loyalty" is a one-way street to having your privacy violated

      I really don't care if Dunkin' Donuts is able to track my location so they can see when I'm near their store to push a notification of a deal. If I cared, I could put my phone in airplane mode or not carry a phone at all. There are more significant privacy issues to worry about, not the least of which is Android itself.

      or worse?

      Yeah, I'd probably care a bit about having my data disclosed, but considering Equifax already breached it without me even directly giving it to them, I probably have bigger problems.

      Do you really need to give up personal information to buy a cruller and a coffee?

      I don't consider my current location information worth withholding from Dunkin' Donuts or any other fast food place and they're willing to offer me stuff I do value in return. It's the same reason I use Bing: they give me Amazon credit for using their search engine to do searches I'd do anyway.

      Does nothing about that seem slightly askew to you?

      No. The only thing I see is that you seem to lack insight into how most people make value judgments.

      I'm not saying privacy doesn't matter, mind you. I'm saying certain things are more private than others. I don't want Dunkin' Donuts to know my social security number or mother's maiden name, so I don't give them that information. I don't care if they have my location data. I don't care if they have my email and a password that I don't use elsewhere. I do care that they might have my credit card info, but I usually choose not to save it in these kinds of apps and hope for the best; I'm not liable if my credit card's stolen under US law anyway.

      More than that, I definitely care if the 7th donut is free. So yeah, I'll sell them my location data for that; it seems like a fair trade to me.

      • More than that, I definitely care if the 7th donut is free. So yeah, I'll sell them my location data for that; it seems like a fair trade to me.

        It's adorable how you actually think you're getting that 7th donut for free.

    • Comment removed based on user account deletion
  • Remember, always get your donut cash from the shady guy hanging out in front of the donut store.

    Hmmm, this 20 is kind of greasy

  • This is a new low. Why would you give up personal information for discounted donuts??!?! If you are buying so many donuts that you need a discount program, then you are eating waay too many freaking donuts. I hope they spent the savings on a gym membership.

  • I'm really not understanding why a donut shop needs to store customer information at all. Selling donuts doesn't require it at all. Discount programs don't either. If you're selling donuts, and you're encouraging customers to buy donuts, then a sign, a poster, and a loyalty card is all you need. No database required.

    If, on the other hand, you're collecting customer information to sell customer information to non-donut-eating customers, well then that's a different story.

    Perhaps, the rules/laws/customs/c

  • I thought they dropped the doughnut (and then picked it up and put it back on the shelf).
  • You want a trade war? You got a trade war. Dunkin just has to stop selling donuts to police in New York.

  • Of all the terrible data breaches over the last 3 years, DD is the one they prosecute?

    If you are running a business these days the clear message is don't bother with security. It's expensive, and nobody cares if you mess up. I agree we have to make an example, but why a business with razor thin margins and minimum wage employees... why not LastPass... you know that company whose entire business was the security of your credentials?
    https://www.skyhighnetworks.co... [skyhighnetworks.com]

    • Of all the terrible data breaches over the last 3 years, DD is the one they prosecute?

      I guess something happened to frequent customers known as the NYPD!

    • Maybe because LastPass did the needful and actually implemented features to make it more secure? I mean they didn't weigh cost vs security like most do?

  • Criminals break in, steal records, make them public. Do we sue the store? No! We put the criminals behind bars!

    So what if the store had lax security. Now do we sue the store? Still no! The store is the victim here!

    Why do we keep suing victims of digital crime, instead of going after the perpetrators!
