Security & Fraud

Dunkin’ Alerts DD Perks Account Holders That Hackers May Have Accessed Data

Dunkin’, the operator of Dunkin’ Donuts franchises, is alerting DD Perks rewards program account holders that its profiles and data may have been accessed by a hacker in October.

ZDNet, citing the company, reported Dunkin’ wasn’t the victim of a breach — but that it was the victim of credential stuffing attack, which is an automated attack.  “Third-parties who obtained DD Perks account holders’ usernames and passwords through other companies’ or organizations’ security breaches may have used this information to log into certain DD Perks accounts if the account holders used the same username and password for unrelated accounts,” a Dunkin’ Donuts spokesperson told ZDNet. The report noted that Dunkin’ said it was notified about the attack from a security vendor it does business with and said it was successful in stopping “most of these attempts.” It did acknowledge that some login attempts may have succeeded, and thus sent the notification to account holders.

ZDNet noted that Dunkin’ didn’t say how many customers were impacted by the breach. Some of the information potentially obtained in the breach includes users’ first and last names, email address, DD Perks account numbers and DD Perks QR codes. Dunkin’ said the attack happened on October 31, and when it learned of it, it forced a password reset to all impacted accounts.  “We also reported the incident to law enforcement and are cooperating with law enforcement to help identify and apprehend those third-parties responsible for this incident,” Dunkin’ said. ZDNet noted that accessing the DD Perks accounts, which are part of the company’s mobile app and let users gain points to receive free or lower-priced products, may seem pointless — but rewards program data is sold over the dark web.

In late September Dunkin’ Donuts announced that it has officially changed its name, and will now be known simply as Dunkin’.

As a result of the change, new branding was unveiled at its Global Franchisee Convention that recognizes its new name and focus on serving great coffee fast, while also embracing Dunkin’s heritage by keeping its signature pink and orange colors and iconic font.


Latest Insights: 

The Payments 2022 Study: Building A High-Performance Payments Team For Fraud Detection, a PYMNTS collaboration with Stripe, examines how digital platforms of all sectors and sizes plan to develop their anti-fraud teams as part of their their broader growth and development strategies. Drawing from an extensive survey from approximately 250 payments heads at digital platforms in the U.S. and abroad, our study analyzes how poor anti-fraud capabilities can harm platforms’ long-term growth strategies, and how they can build high-performing teams to tackle these challenges.


To Top