Customers of Dunkin’ Donuts who have a DD Perks loyalty account have been told that their names and email addresses may have been stolen during a data breach.
Hackers obtained the information through other companies’ security breaches and used it to log into some Dunkin’ DD Perks accounts, the company has admitted.
Account numbers and DD Perks QR codes for customers may also have been accessed.
Dunkin’ Donuts is warning customers that information tied to their DD Perks accounts may have been stolen as part of a hack.
‘We learned from one of our security vendors that a third-party may have attempted to log in to your DD Perks account,’ the company said in the notification.
The third parties likely obtained usernames and passwords from security breaches of other companies, and then used the information to try to break into various online accounts across the internet, Dunkin’ said.
The company said it also encouraged customers to use ‘unique passwords’ and not to reuse their DD Perks passwords for other online accounts.
‘Our security vendor was successful in stopping most of these attempts, but it is possible that these third-parties may have succeeded in logging in to your DD Perks account if you used your DD Perks username and password for accounts unrelated to Dunkin’,’ it said.
DD Perks, Dunkin’s rewards program for frequent customers, is the program whose accounts the hackers targeted.
The company said it had ‘forced a password reset that required all of the potentially impacted DD Perks account holders to log out and log back in to their account using a new password.’
Dunkin’ Donuts said the hackers were able to gain access to the information through security breaches at other organizations.
DD Perks is a mobile app rewards program that allows customers to skip lines with On-the-Go ordering and earn free beverages through points and on their birthday.
The company says it hasn’t experienced a breach of its internal systems.
Anyone with questions can contact Dunkin’ at 800-447-0013.
Gary Davis, Chief Consumer Security Evangelist at McAfee, says there are a number of ways that consumers can protect their accounts.
‘First, we’d recommend that all Dunkin’ customers immediately change their passwords – not just for Dunkin’, but for all accounts where they used the same details. We always recommend using different passwords for every account; however, our research shows that a third of people simply rotate between the same three passwords. A password manager can store and create secure passwords to ensure each online account utilizes a unique password.
‘While this specific breach does not compromise financial data, if a password is also used to protect a customer’s financial accounts, this personal data could be leveraged by hackers to obtain access to these financials. Therefore, we recommend proactively placing fraud alerts on credit files to ensure that any new or recent requests undergo scrutiny. This will protect consumers against the potential damage which could extend far beyond stealing a free coffee or donut.’