Fast-casual giant indirectly targeted in data breach
Dunkin’ Brands is the newest company to be caught up in a cyber attack—however, not one that directly targeted its internal systems.
The fast-casual giant learned that “third parties” have been using its loyalty members’ user names and passwords to log into some Dunkin’ DD Perks accounts. The cyber-thieves gained access to customers’ first and last names, email address (which are used as user names), members’ 16-digit DD Perks account number, and DD Perks QR codes through other companies’ security breaches, according to the company’s website.
Dunkin learned about the incident from a security vendor that noticed on Oct. 31 a third party was making fraudulent attempts to log into DD Perks accounts. They were targeting members that used the same username and password for accounts unrelated to Dunkin’.
While the company didn’t disclose a specific number, Dunkin’ revealed that “only a small percent” of accounts were possibly affected, according to CNBC.
Upon learning about the incident, Dunkin’ immediately launched an internal investigation. Dunkin’ reported the incident to law enforcement and continues to cooperate with officials “to help identify and apprehend” those those responsible for the incident. The company also continues to work with its security vendor “to remediate the event and to help prevent this kind of event from occurring in the future,” according to Dunkin’.
All impacted DD Perks account holders were directed to log out and log back in to their account using a new password. The company has also taken steps to replace any DD Perks stored value cards with a new account number, but all stored value has been retained on the accounts.
This is the latest data breach to hit the industry. In October, hackers targeted Nordstrom databases and pilfered the personal data of current and past employees.
Other retailers targeted by cyber-thieves this year include Hudson’s Bay Co.’s Saks, Saks Off Fifth and Lord & Taylor brands, Best Buy, Panera Bread, Sears Holdings, and Under Armour.
No comments found