Dunkin’, Marriott Hit by Data Hackers

Situation suggests other chains could be affected

CHICAGO -- Hackers who stole login usernames and passwords from an unidentified website are using that information to attempt entry into Dunkin’ Donuts’ loyalty program, where additional customer information would be available, parent company Dunkin’ Brands alerted members of the DD Perks frequent-guest service.

The warning suggests the hackers are similarly trying to use the stolen information to log into protected sites across the internet, raising the possibility of other restaurant loyalty programs being compromised. But no further instances have yet been reported.

Dunkin’ Brands said it has already forced members of DD Perks to change their login information and is replacing DD Perks cards loaded with cash values with new cards. It did not reveal how many members of the program may have been affected. “Our security vendor was successful in stopping most of these attempts,” the franchisor said in its alert.

Marriott International, meanwhile, warned members of its loyalty program that its reservation database has been hacked, putting more than 500 million accounts at risk, going back to 2014.  

The hospitality giant said an internal security system first detected suspect activity Sept. 8, and it indicated it has been working with security authorities to address the risk. More recently, it discovered that a hacker had succeeded in copying customer information and was attempting to pull it out of the reservation system. Marriott said it was able to decrypt the information and learned that at least bits of information on 327 million customers were included. That data could have included credit-card data, Marriott said.

It was not clear whether the hack succeeded in removing the information or was thwarted by Marriott’s discovery.

Marriott said it has set up a toll-free assistance line for customers who have questions about the breach. 

Dunkin’ and Marriott are the latest in a long and fast-growing list of hospitality companies whose customer information has been targeted by data thieves. Previous victims include Cheddar's Scratch Kitchen, Chipotle, Panera Bread, PDQ, Sonic Drive-In and Chili’s.
