Dunkin’ Brands agrees to refund money to about 20,000 New York customers affected by a 2015 data breach. The company must also pay $650,000 in fines, according to a settlement document. The states lawsuit stemmed from a 2015 incident in which Dunkin was hit with a series of credential stuffing attacks targeting customer DD awards cards across the U.S. The cards also include customer information, such as name, email address, 16-digit DD Perks account number, PIN and, in some cases, account balances.”]
Source: https://www.govinfosecurity.com/dunkin-data-breach-settlement-paves-way-for-more-suits-a-15012