Dunkin' is notifying certain DD Perks account holders that their accounts may have been compromised.
In a statement, Dunkin' Brands said they were notified by one of their security vendors that an outside source might have obtained DD Perks account holders' usernames and passwords through other companies or organizations' security breaches.
The company said its internal systems "did not experience a data security breach."
Dunkin' said it learned of the issue on Oct. 31. It said the individuals who obtained the usernames and passwords used them to try to break into various online accounts across the internet. Dunkin' said its security vendor was able to stop most of these attempts.
The company said it has sent notification letters to DD Perks account holders who may have experienced unauthorized access to their accounts. DD Perks is a customer loyalty program that allows users to order on-the-go, skip in-store lines and accumulate points that can be traded in for free beverages.
The information that may have been accessed includes first and last names, email addresses and customers' 16-digit DD Perks account numbers and DD Perks QR codes.
Dunkin' said it forced a password reset that required potentially impacted DD Perks account holders to log out and log back in to their account using a new password.
The company said it has launched an internal investigation and is working with its security vendor to help prevent a similar occurrence in the future.
Anyone with questions can go to dunkindonuts.com or call 800-447-0013, weekdays between 7 a.m. and 7 p.m. EST.