facebook pixal

Dunkin’, Marriott hit by data hackers

Dunkin Donuts' situation suggests other restaurant chains could also be affected.
Photograph: Shutterstock

Hackers who stole login usernames and passwords from an unidentified website are using that information to attempt entry into Dunkin’ Donuts’ loyalty program, where additional customer information would be available, parent company Dunkin’ Brands alerted members of the DD Perks frequent-guest service. 

The warning suggests the hackers are similarly trying to use the stolen information to log into protected sites across the internet, raising the possibility of other restaurant loyalty programs being compromised. But no further instances have yet been reported.

Dunkin’ Brands said it has already forced members of DD Perks to change their login information, and is replacing DD Perks cards loaded with cash values with new cards. It did not reveal how many members of the program may have been affected. “Our security vendor was successful in stopping most of these attempts,” the franchisor said in its alert.

Marriott International, meanwhile, warned members of its loyalty program this morning that its reservation database has been hacked, putting more than 500 million accounts at risk, going back to 2014.  

The hospitality giant said an internal security system first detected suspect activity on Sept. 8, and indicated it has been working with security authorities to address the risk. More recently, it discovered that a hacker had succeeded in copying customer information and was attempting to pull it out of the reservation system. Marriott said it was able to decrypt the information and learned that at least bits of information on 327 million customers was included. That data could have included credit card data, Marriott said.

It was not clear whether the hack succeeded in removing the information or was thwarted by Marriott’s discovery.

Marriott said it set up a toll-free assistance line for customers who have questions about the breach. 

Dunkin’ and Marriott are the latest in a long and fast-growing list of hospitality companies whose customer information has been targeted by data thieves. Previous victims include Cheddar's Scratch Kitchen, Chipotle, Panera Bread, PDQ, Sonic Drive-In and Chili’s.

Want breaking news at your fingertips?

Get today’s need-to-know restaurant industry intelligence. Sign up to receive texts from Restaurant Business on news and insights that matter to your brand.


More from our partners