Dunkin’ is giving a heads-up to its customers that a cybersecurity incident may have comprimised some DD perks accounts.
A DD perks card allows people to add money to the card for Dunkin’ purchases.
“Although Dunkin’ did not experience a data security breach involving its internal systems, we’ve been informed that third-parties obtained usernames and passwords through other companies’ security breaches and used this information to log into some Dunkin’ DD Perks accounts,” Dunkin Brands said in a statement.
It learned of the incident on Halloween from one of its security vendors that a third-party vendor attempted to log into DD Perks accounts.
“We believe that these third-parties obtained usernames and passwords from security breaches of other companies. These individuals then used the usernames and passwords to try to break in to various online accounts across the Internet.”
What information was involved?
The information involved depends on what you had in your DD Perks account.
Information these third-parties may have been able to access includes:
Your first and last names, email address (username), and your 16-digit DD Perks account number and your DD Perks QR code.
What Dunkin’ is doing
“We immediately launched an internal investigation and have been working with our security vendor to remediate this event and to help prevent this kind of event from occurring in the future. As you know already, we forced a password reset that required all of the potentially impacted DD Perks account holders to log out and log back in to their account using a new password.
“We also have taken steps to replace any DD Perks stored value cards with a new account number, but retaining the same value that was previously present on those cards. We also reported the incident to law enforcement and are cooperating with law enforcement to help identify and apprehend those third-parties responsible for this incident.”
What you can do
“As always, we strongly recommend that our guests create unique passwords for their DD Perks accounts, and do not reuse passwords used for their other unrelated online accounts.
Need more information?
Visit dunkindonuts.com or call Consumer Care at (800) 447-0013 between 7 a.m. and 7 p.m. EST, Monday through Friday.