Starbucks has notified employees of a data breach that compromised the personal information of hundreds of workers after unauthorized actors gained access to internal company accounts.
The incident, discovered on February 6, affected 889 accounts on the Starbucks Partner Central platform, which employees use to manage work details, benefits, and human resources information. According to an investigation conducted with the help of external cybersecurity experts, the unauthorized access occurred between January 19 and February 11.
The company explained that the attackers obtained login credentials through fraudulent websites designed to mimic legitimate Partner Central portals. Once inside, they accessed sensitive information including names, Social Security numbers, dates of birth, and financial account details.
Starbucks reported that it notified authorities and removed the attackers’ access to its systems five days after detecting the intrusion. As a support measure, the company is offering affected employees two years of credit monitoring and identity theft protection through Experian IdentityWorks.
The company assured that customers were not affected by this breach. A spokesperson stated that the involved employees had inadvertently interacted with deceptive websites, which facilitated the attack.
This is not the first security incident faced by the coffee chain. In 2022, its Singapore subsidiary confirmed a breach that exposed data from more than 219,000 customers due to a compromise at a third-party provider. More recently, in November 2024, Starbucks also felt the effects of a ransomware attack targeting Blue Yonder, one of its technology suppliers.
By: Nestor Castillo, ForAllTechNews Director