The California Office of the Attorney General reported a data breach involving Dunkin' Brands Inc. on November 28, 2018. The breach occurred when third-parties obtained usernames and passwords from other companies' security breaches and potentially accessed Dunkin’ DD Perks accounts. The specific number of individuals affected is unknown, and there is no specific breach date indicated.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-142192
TPRM report: https://www.rankiteo.com/company/dunkin-donuts
"id": "dun022072825",
"linkid": "dunkin-donuts",
"type": "Breach",
"date": "11/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Food and Beverage',
'location': 'United States',
'name': "Dunkin' Brands Inc.",
'type': 'Corporation'}],
'attack_vector': 'Credential Stuffing',
'data_breach': {'type_of_data_compromised': 'Usernames and Passwords'},
'date_publicly_disclosed': '2018-11-28',
'description': 'The California Office of the Attorney General reported a data '
"breach involving Dunkin' Brands Inc. on November 28, 2018. "
'The breach occurred when third-parties obtained usernames and '
"passwords from other companies' security breaches and "
'potentially accessed Dunkin’ DD Perks accounts. The specific '
'number of individuals affected is unknown, and there is no '
'specific breach date indicated.',
'impact': {'data_compromised': 'Usernames and Passwords',
'systems_affected': 'DD Perks Accounts'},
'motivation': 'Unknown',
'references': [{'date_accessed': '2018-11-28',
'source': 'California Office of the Attorney General'}],
'threat_actor': 'Unknown',
'title': "Dunkin' Brands Inc. Data Breach",
'type': 'Data Breach',
'vulnerability_exploited': 'Reused Credentials'}