CANTON, Mass. - — Regular Dunkin' Donuts customers have been alerted to a security breach that exposed some of their personal information, according to a release from the Canton-based company.
The company said "third-parties obtained usernames and passwords" of DD Perks members.
Some of the reusable card account numbers were exposed, so the company says it has already made efforts to switch the 'stored value cards' with new numbers.
The company sent the following information:
What Happened?
On October 31, 2018, we learned from one of our security vendors that a third-party may have
attempted to log in to your DD Perks account. We believe that these third-parties obtained
usernames and passwords from security breaches of other companies. These individuals then used
the usernames and passwords to try to break in to various online accounts across the Internet. Our
security vendor was successful in stopping most of these attempts, but it is possible that these
third-parties may have succeeded in logging in to your DD Perks account if you used your DD
Perks username and password for accounts unrelated to Dunkin'.
What Information Was Involved?
The information involved depends on what you had in your DD Perks account.
Information these third-parties may have been able to access includes:
- Your first and last names,
- Email address (username), and
- Your 16-digit DD Perks account number and your DD Perks QR code
What We Are Doing
We immediately launched an internal investigation and have been working with our security
vendor to remediate this event and to help prevent this kind of event from occurring in the future.
As you know already, we forced a password reset that required all of the potentially impacted DD
Perks account holders to log out and log back in to their account using a new password. We also
have taken steps to replace any DD Perks stored value cards with a new account number, but
retaining the same value that was previously present on those cards. We also reported the incident
to law enforcement and are cooperating with law enforcement to help identify and apprehend
those third-parties responsible for this incident.
What You Can Do
As always, we strongly recommend that our guests create unique passwords for their DD Perks
accounts, and do not reuse passwords used for their other unrelated online accounts. In addition,
attached please find "Information about Identity Theft Protection." It includes steps you can take to help
protect yourself against identity theft.
For More Information
If you have questions or concerns, please refer to dunkindonuts.com or call Consumer Care at 800-
447-0013 during the following hours: Monday — Friday between 7 a.m. and 7 p.m. EST.
Cox Media Group
/cloudfront-us-east-1.images.arcpublishing.com/cmg/XCUXZC2XYZHCRGNNGKFEX6U3LQ.png)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/72XVJX3SZRAAPLH3ALVLJFZQQU.png)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/V2UNDN7CQZFI7ATKULTSY2ETVQ.jpg)
:quality(70)/d1hfln2sfez66z.cloudfront.net/04-23-2024/t_9a8951a7f0cf4c578043ec3038dcdcfb_name_murrysville_medic_fire_photo_9.jpg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/34L7ZWLLYBDGRF3JPK4AJWJDGE.png)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/BPOXSEBLX5EHTCH5PGKKJRMFJU.png)