Dunkin' Data Breach Affects Loyalty Members
On Nov. 28, Dunkin' announced that it was notified by one of its security vendors that malicious third-parties – who had obtained usernames and passwords from other security breaches – used this information to log into some Dunkin' DD Perks accounts on October 31. The perk program has 9 million members.
The company specified that no internal systems were breached.
According to Dunkin', it was not the only company affected.
"These individuals then used the usernames and passwords to try to break in to various online accounts across the Internet," it said in a statement on its website.
While the company's security vendor was successful in stopping most of these log-in attempts by the third-party, it is possible that the hackers gained access to some accounts. Information associated with those accounts include: name, email, password, loyalty number and/or DD Perks QR code.
The company immediately forced a password reset, that required all of the potentially impacted DD Perks account holders to log out and log back in to their account using a new password. It is also taking steps to replace DD Perks stored value cards with a new account number while retaining the same value previously present.
The company is working with law enforcement to help identify and apprehend the cyber security criminals responsible for this breach and recommends that all guests create unique passwords for all online accounts.