Starbucks has reported a data breach that compromised personal data belonging to hundreds of its employees. The incident was identified on February 6 when unauthorized access to employee accounts on the Starbucks Partner Central portal was discovered.
Details of the Cybersecurity Incident
The breach, which impacted the Starbucks Partner Central—an online platform utilized by employees for handling their personal data, payroll, and benefits—did not involve a direct attack on the company’s systems. Starbucks confirmed that its core network remained secure during the incident.
An in-depth investigation revealed that the breach occurred through a phishing attack. Hackers managed to obtain login credentials by creating fraudulent websites that closely resembled the official portal.
Impacted Information and Response
In a communication to the affected employees, Starbucks indicated that personal details such as names, social security numbers, birth dates, and financial account information, including routing numbers, may have been accessed by unauthorized individuals.
To mitigate the impact, Starbucks has notified law enforcement and is offering free identity protection services to those affected. Nearly 900 employees were impacted by this breach, according to a notification to the Maine Attorney General’s Office.
Timeline and Ongoing Investigations
The breach timeline indicates that the unauthorized access to employee accounts occurred between January 19 and February 11. While Starbucks employs over 200,000 individuals in the United States, this incident has highlighted the vulnerabilities associated with phishing attacks and the importance of securing personal data.
As investigations continue, Starbucks remains committed to enhancing its security measures to prevent future occurrences. The company emphasizes its dedication to safeguarding employee information and maintaining trust.
This incident follows previous data security challenges faced by Starbucks, underscoring the necessity for robust cybersecurity practices in protecting sensitive data.
