Starbucks has disclosed a knowledge breach affecting tons of of workers after risk actors gained entry to their Starbucks Accomplice Central accounts.
Because the world’s largest coffeehouse chain, Starbucks has over 380,000 workers (also referred to as companions) and operates almost 41,000 areas throughout 88 international locations.
In information breach notification letters filed with Maine’s Legal professional Basic and despatched to affected workers on Tuesday, the corporate says that it found the incident on February 6.
A joint investigation with exterior cybersecurity specialists discovered that the attackers compromised 889 Starbucks Accomplice Central accounts used to handle employment particulars, private info, advantages, and HR info.
Starbucks stated the risk actors had entry to affected people’ accounts between January 19 and February 11, however did not clarify why it took 5 days to take away them from its techniques.
“On or about February 6, 2026, Starbucks Company (‘Starbucks’ or ‘we’) grew to become conscious of potential unauthorized entry to sure Starbucks Accomplice Central accounts,” the corporate stated. “The investigation has decided that an unauthorized third celebration accessed sure Starbucks Accomplice Central accounts after acquiring the login credentials by means of web sites impersonating Accomplice Central.”
The non-public info uncovered within the incident contains workers’ names, Social Safety numbers, dates of delivery, and monetary account and routing numbers.
Starbucks notified regulation enforcement businesses after discovering the breach and suggested workers to observe their financial institution accounts for suspicious exercise that might point out fraud or identification theft. The corporate can also be offering impacted companions with two years of free identification theft safety and credit score monitoring service by means of Experian IdentityWorks.
“Upon studying of the incident, we took immediate steps to analyze the character and scope of the incident and reply to it,” Starbucks added. “We additionally notified regulation enforcement and took measures to additional strengthen safety controls associated to entry to Starbucks Accomplice Central accounts.”
BleepingComputer reached out to a Starbucks spokesperson with questions concerning the incident, however no speedy response was out there.
Starbucks’ Singapore division additionally confirmed a knowledge breach affecting over 219,000 clients in September 2022, after a risk actor compromised the techniques of a third-party vendor that saved the affected clients’ information.
The espresso chain was additionally hit by the aftermath of a Termite ransomware assault that affected Blue Yonder (Starbucks’ provide chain software program supplier) in November 2024.
Malware is getting smarter. The Purple Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 strategies and see in case your safety stack is blinded.
