Attackers accessed employees’ Starbucks Partner Central accounts, and a data breach notification filed with Maine’s Attorney General said the company discovered the incident on February 6 and that 889 Partner Central accounts were compromised.
KEY FACTS
- Incident Unauthorized access to Partner Central accounts
- Accounts affected 889 Partner Central accounts
- Exposed data Names, Social Security numbers, dates of birth, and bank account and routing numbers
- Timeline Access occurred January 19 to February 11, discovery February 6
- Response Two years of identity theft protection and credit monitoring via Experian IdentityWorks
A joint investigation with external cybersecurity experts determined attackers obtained login credentials through websites impersonating Partner Central and used them to access affected accounts.
The compromised accounts were used to manage employment details, personal information, benefits and HR information for partners across the company.
The personal information exposed includes employees’ names, Social Security numbers, dates of birth, and financial account and routing numbers.
Starbucks notified law enforcement, advised employees to monitor bank accounts for suspicious activity, and is providing impacted partners with two years of free identity theft protection and credit monitoring through Experian IdentityWorks. The company also took measures to strengthen security controls related to access to Partner Central accounts.
WHY IT MATTERS
Exposure of Social Security numbers and bank details increases the risk of fraud and identity theft for affected employees. Impacted partners should monitor accounts and use the offered credit monitoring and identity protection services.