Dunkin’ customers now have something slightly more pressing to worry about than getting the wrong football-themed cups.
In a statement posted to its website, Dunkin’ Brands has confirmed that its security vendors informed the company of a data breach on Oct. 31 that may have allowed a third party to obtain “usernames and passwords” for Dunkin’s DD Perks members.
Dunkin’ also clarified that its own security was not breached, but rather that the usernames and passwords were obtained via “security breaches of other companies.”
The company said its own security blocked most unauthorized attempts to access the DD Perks member accounts, but admitted it was “possible” that some were not. Depending on what information each specific user had in their profile, third parties may have been able to access customers’ email addresses, account IDs, and first and last names, the chain said.
Dunkin’ “immediately” took action to prevent similar breaches in the future, the statement said, but advised DD Perks members to create “unique passwords” if they had not already done so during a forced password reset Dunkin’ required following the incident.
“We also reported the incident to law enforcement and are cooperating with law enforcement to help identify and apprehend those third-parties responsible for this incident,” the chain wrote.