Starbucks has disclosed that it suffered a security incident that potentially impacted 889 individuals.
In a notice of data breach sent to customers on March 10th, the world’s largest coffeehouse chain says that on or about February 6th, it discovered a potential unauthorized access to certain Starbucks Partner Central accounts.
The malicious actor managed to access some of the accounts after obtaining login credentials through phishing websites that impersonate Partner Central, the company’s centralized HR and workplace platform that employees use to manage work-related tasks.
The company says that based on the types of information viewable within those accounts, the perpetrator may have accessed some personal information including names, social security numbers, dates of birth, financial account numbers and routing numbers.
“We?recently?identified that a limited number of retail partners had inadvertently interacted with deceptive websites impersonating an employee-facing site.?This allowed an unauthorized third-party to access certain partner accounts. We quickly resolved the issue, notified affected partners, and operations have since returned to normal.?There’s no impact on customers’ data.”
Starbucks says it launched an investigation after discovering the breach, which happened between January 19th and February 11th.
The company says it took measures to contain the incident and notified law enforcement authorities. Starbucks says it also provided affected individuals with a free identity theft protection service.
“To help address concerns you may have about this incident, we are offering complimentary access to Experian IdentityWorksSM for twenty-four (24) months. Please note that Identity Restoration is available to you for 24 months from the date of this letter and does not require any action on your part at this time.”
Follow us on X, Facebook and TelegramGenerated Image: Midjourney