Dunkin Donuts has started notifying DD Perks customers that they might be victims of a data breach. In a statement, the company said: “Although Dunkin’ did not experience a data security breach involving its internal systems, we’ve been informed that third-parties obtained usernames and passwords through other companies’ security breaches and used this information to log into some Dunkin’ DD Perks accounts.”

Information that could have been accessible includes:
- First & last names
- Username
- DD Perks account number
- DD Perks QR Code
Dunkin Donuts was notified of the potential breach on October 31st, 2018. I feel like I’m having to say this way too often, but until the penalties for these types of breaches are increased they will continue to occur at an alarming rate.
Hat tip to DDG
Interestingly enough, my Panera account was broken into last week because I was using a recycled password on that site. They drained the gift card I had in the account with a Rapid Pick Up food order. Panera made good on it and restored the funds, but it was definitely a wake-up call for me to start using unique passwords, as much as a PIA that is.
love the dunkin donuts daily discussion perks…
Yeah doesn’t seem like a data breach to me.. seems like only customers who used the same password and username on other sites that have been breached are affected… regardless DD handles it well n notified customers just in case.
That probably explains why my rewards account was not showing any deals or points yesterday, when I was trying to redeem a free beverage. They reappeared hours later.
@DoC Can we get a tshirt printed with that slogan, please?
I wear a medium..
It sounds like what they’re saying is people who re-used usernames/passwords from other sites that got compromised may have used that to access DD? That doesn’t seem much like a ‘data breach’ to me in that sense.
For what it’s worth, it seems like DD is doing this right — having monitored this, proactively notifying customers, resetting passwords and re-issuing gift card balances.
Yeah I agree, not a breach at all. I just assumed this happens all the time just about everywhere. The media likes FUD and will sell this as something worse than it is, and stupid media consumers will stop at the FUD-laden headline.
I don’t think that’s the case actually. I think a third party provider that DD uses was breached.