Starbucks discloses data breach affecting tons of of workers

Starbucks has disclosed a data breach affecting tons of of workers after menace actors gained entry to their Starbucks Associate Central accounts.

Because the world’s largest coffeehouse chain, Starbucks has over 380,000 workers (often known as companions) and operates practically 41,000 areas throughout 88 nations.

In data breach notification letters filed with Maine’s Legal professional Normal and despatched to affected workers on Tuesday, the corporate says that it found the incident on February 6.

A joint investigation with exterior cybersecurity consultants discovered that the attackers compromised 889 Starbucks Associate Central accounts used to handle employment particulars, private data, advantages, and HR data.

Starbucks stated the menace actors had entry to affected people’ accounts between January 19 and February 11, however did not clarify why it took 5 days to take away them from its techniques.

“On or about February 6, 2026, Starbucks Company (‘Starbucks’ or ‘we’) grew to become conscious of potential unauthorized entry to sure Starbucks Associate Central accounts,” the corporate stated. “The investigation has decided that an unauthorized third celebration accessed sure Starbucks Associate Central accounts after acquiring the login credentials by way of web sites impersonating Associate Central.”

The private data uncovered within the incident contains workers’ names, Social Safety numbers, dates of delivery, and monetary account and routing numbers.

Starbucks notified legislation enforcement businesses after discovering the breach and suggested workers to observe their financial institution accounts for suspicious exercise that would point out fraud or id theft. The corporate can also be offering impacted companions with two years of free id theft safety and credit score monitoring service by way of Experian IdentityWorks.

“Upon studying of the incident, we took immediate steps to research the character and scope of the incident and reply to it,” Starbucks added. “We additionally notified legislation enforcement and took measures to additional strengthen security controls associated to entry to Starbucks Associate Central accounts.”

BleepingComputer reached out to a Starbucks spokesperson with questions in regards to the incident, however no instant response was out there.

Starbucks’ Singapore division additionally confirmed a data breach affecting over 219,000 clients in September 2022, after a menace actor compromised the techniques of a third-party vendor that saved the affected clients’ knowledge.

The espresso chain was additionally hit by the aftermath of a Termite ransomware assault that affected Blue Yonder (Starbucks’ provide chain software program supplier) in November 2024.