New York Attorney General (AG) Letitia James has sued Dunkin’ Brands, Inc. (franchisor of Dunkin’ Donuts) over two data breaches in 2015 and 2018, accusing the company of mishandling a series of cyberattacks that together compromised more than 320,000 customer accounts.

In the complaint filed last week, AG James accused Dunkin’ of engaging in fraudulent practices and false advertising by misrepresenting to consumers the nature of the cyberattacks. The complaint goes on to allege that Dunkin’, by failing to notify consumers of the breaches or to take sufficient steps to investigate and safeguard consumer data, violated not only its internal data security procedures but also New York data breach notification and consumer protection laws.

The Dunkin’ lawsuit is just one of the latest examples of how the attorney general’s office is making cybersecurity a priority. To read more on New York attorney general’s recent data enforcement efforts and our recommendations for compliance, click here.