Dunkin’ Donuts has disclosed that it became aware of a possible security breach on October 31.
The company said an outside source gained access to some of its DD Perks program customers’ usernames and passwords, as well as their DD Perks account number and DD Perks QR codes.
Hackers likely gained access to its customers’ private information through security breaches of other companies, the coffee and doughnuts chain said.
"We learned from one of our security vendors that a third-party may have attempted to log in to your DD Perks account," the company said in a notification to its rewards program customers.
"Our security vendor was successful in stopping most of these attempts, but it is possible that these third-parties may have succeeded in logging in to your DD Perks account if you used your DD Perks username and password for accounts unrelated to Dunkin’," it said.
After learning of the breach, Dunkin’ said it "forced a password reset that required all of the potentially impacted DD Perks account holders to log out and log back in to their account using a new password." Dunkin’ encouraged customers to use “unique passwords” and not reuse passwords used for their other online accounts.
Dunkin’ said it launched an internal investigation into the issue, which revealed that its internal system "did not experience a data security breach."