Despite the vast amount of resources companies typically spend on thwarting hacking, it seems that we can’t even go a few weeks without a new company issuing a statement about some sort of security breach. The latest victim in this regard appears to be Dunkin’ Donuts, with the nationwide chain issuing a statement earlier today about a security breach involving its DD Perks program.
According to the statement, an unauthorized third-party in late October accessed information pertaining to the company’s DD Perks program. The working theory at the moment is that the hacker or hackers involved obtained usernames and passwords from a previous and unrelated security breach and subsequently tried to use said usernames and passwords to access any number of online accounts.
As far as security breaches go, the Dunkin’ Donuts incident at issue doesn’t appear to be particularly grave. Per the company, the information hackers were potentially able to access is limited to customer first and last names, email addresses, DD Perks account numbers, and DD Perks QR codes. Notably, Dunkin’ Donuts relays that its security vendor was able to stop most of the unauthorized attempts to access DD Perks information.
Upon being aware of the breach, Dunkin’ Donuts’ statement describes what steps they took next:
We immediately launched an internal investigation and have been working with our security vendor to remediate this event and to help prevent this kind of event from occurring in the future. As you know already, we forced a password reset that required all of the potentially impacted DD Perks account holders to log out and log back in to their account using a new password. We also have taken steps to replace any DD Perks stored value cards with a new account number, but retaining the same value that was previously present on those cards. We also reported the incident to law enforcement and are cooperating with law enforcement to help identify and apprehend those third-parties responsible for this incident.
The company’s full press release on the matter can be viewed over here.