Dunkin’ Announces DD Perk No One Wanted: A Possible Data Breach

November 29, 2018, 7:51 PM UTC

Members of Dunkin’s DD Perks rewards program might need a munchkin and strong cup of coffee after reading the company’s latest announcement: Hackers might have gained access to its customers’ private information.

Meaning, if your DD Perks account username, password, and email is the same login information you use on other sites, you should probably create a new password ASAP.

“Only a small percent of our DD Perks account holders have been potentially affected by this issue,” a Dunkin’ Brands spokesperson tells Fortune.

According to Dunkin’, the source of the potential data breach wasn’t at the company.

“Although Dunkin’s internal systems did not experience a data security breach, we were informed by one of our security vendors that third-parties who obtained DD Perks account holders’ usernames and passwords through other companies’ or organizations’ security breaches may have used this information to log into certain DD Perks accounts if the account holders used the same username and password for unrelated accounts,” Dunkin’ Brands told Fortune in a statement.

Dunkin’ said that it first learned about the potential data breach on Oct. 31, 2018.

Although Dunkin’ didn’t respond to questions about the delay in informing DD Perks account holders—or when it first emailed certain at-risk customers—before publication, it noted on its website that it had already asked potentially impacted DD Perks members to reset their passwords.

Dunkin’ also said that it has reported the incident to law enforcement and is working with a security vendor to prevent a future breach.