September 21, 2020

Dunkin' Donuts Settles Data Breach Lawsuit

Beginning in early 2015, Dunkin’ customers’ online accounts were targeted in a series of “credential stuffing attacks” — repeated, automated attempts to gain access to accounts using usernames and passwords stolen through security breaches of other unrelated websites or online services.

Fausto Oliveira, Principal Security Architect at Acceptto, notes, “The fact that the attacks went unaddressed for a few years causes some surprise. The executive management team should have understood that accruing risk is not an economical solution.

Read the full Security Magazine article here