Dunkin’ would have to pay a $650,000 fine and develop incident response procedures under the settlement, which is subject to court approval. The company also would have to notify affected customers, reset their passwords, and refund any stored value cards used without permission.
The settlement shows how it can take companies years to resolve legal issues after they’ve been breached. Dunkin’ was hit with the attacks beginning in 2015.
“It’s time to make...