The Canton, Mass., parent of Dunkin' Donuts and Baskin-Robbins ice cream fell 2% to $78.70 after New York Attorney General Letitia James alleged that it failed to protect customers when in 2015 it was hit by a wave of cyberattacks.
In a news release the attorney general faults Dunkin' Brands for "glazing over" the attacks by failing to notify nearly 20,000 customers their store card accounts had been hacked.
Dunkin' also failed to investigate the attacks, which would have enabled the company to understand whether other accounts had been compromised, which customer information had been exposed, and whether the hackers had stolen customer funds, the lawsuit contends.
While an exact figure was not provided, the attacks resulted in the loss of tens of thousands of dollars from the store cards of Dunkin' customers, James said.
The lawsuit was filed in New York State Supreme Court in Manhattan.
"Dunkin' failed to protect the security of its customers," James said in the statement. "And instead of notifying the tens of thousands impacted by these cybersecurity breaches, Dunkin' sat idly by, putting customers at risk."
Dunkin' Brands could not immediately be reached for comment.
Save 57% During Our Fall Sale. Join Jim Cramer's Action Alerts PLUS investment club to become a smarter investor. Click here to sign up and save!