Dunkin Donuts says it has suffered a data breach in which customer data from its DD Perks loyalty program may have been stolen. DD Perks is a rewards program for the company’s regular customers.
According to a now-inaccessible security advisory, Dunkin Donuts stated that the data breach was initially detected on October 31st, forcing it to issue a password reset that required all potentially impacted DD Perks account holders to log out and log back in to their accounts using a new password.
The company added that the breach was made possible by security breaches at third parties, which allowed hackers to obtain usernames and passwords and use them to break into other accounts, including those at Dunkin Donuts. It is noteworthy that this data can also be used for phishing scams, so protection from phishing is vital.
As for the stolen data, the company fears that hackers were able to steal first and last names of customers, email addresses and account information for DD Perks. However, it did not reveal the exact number of affected accounts.
“Although Dunkin’ did not experience a data security breach involving its internal systems, we’ve been informed that third-parties obtained usernames and passwords through other companies’ security breaches and used this information to log into some Dunkin’ DD Perks accounts,” the company said.
“Our security vendor was successful in stopping most of these attempts, but it is possible that these third-parties may have succeeded in logging in to your DD Perks account if you used your DD Perks username and password for accounts unrelated to Dunkin’,” it said.
At the time of publishing this article, Dunkin Donuts’ website was down. However, the company has urged users to choose a strong and unique password. The Dunkin Donuts data breach came just a day after Dell reset passwords for all Dell.com customers after suffering a security breach on November 9th.
Also, this is not the first time Dunkin Donuts has made headlines for all the wrong reasons. In 2016, a dark web researcher reported that nearly 85 high-profile US firms, including Dunkin Donuts, Amazon and Apple Pay, were attacked by a Russian hacking group.