FHN 
Starbucks Data Breach has exposed the personal and financial information of 889 individuals after attackers gained unauthorized access to the company’s internal employee platform.
Although the number of affected individuals is small compared to Starbucks’ global workforce, the type of information involved makes the incident serious. Exposure of employment and financial records could increase the risk of identity theft for those impacted.
Attack Timeline and Investigation
According to a breach notification filed with the Office of the Maine Attorney General on March 10, 2026, the incident involved accounts connected to the Starbucks Partner Central system. This platform allows employees to access payroll details, benefits information, and other work-related records.
Investigations showed that attackers first gained access on January 19, 2026. Suspicious activity was detected on February 6, and the company fully removed the attackers from its systems by February 11.
Security experts later determined that the attackers used credential harvesting techniques. Employees were directed to fake websites that closely resembled the official Starbucks Partner Central login page. When users entered their credentials on these phishing pages, the attackers captured the login information and used it to access employee accounts.
Because these accounts contained payroll and employment records, the attackers were able to view several types of sensitive personal data, including
- Full names and dates of birth
- Social Security numbers
- Bank account and routing numbers linked to direct deposits
Follow Us on:Linkedin, Instagram, Facebook to get the latest security news!
After discovering the breach, Starbucks immediately blocked unauthorized access, notified law enforcement authorities, and strengthened security measures for the employee portal.
The company is also offering 24 months of identity theft protection and credit monitoring services through Experian to help protect the affected individuals.
This incident follows previous cybersecurity challenges faced by the company. In November 2024, Starbucks experienced operational disruptions after a ransomware attack targeted Blue Yonder, a third-party provider used for supply chain and scheduling systems.
Earlier in September 2022, Starbucks’ Singapore operations experienced a major breach that exposed the personal information of more than 219,000 customers after a vendor’s system was compromised.
The latest incident highlights how phishing attacks and stolen credentials continue to be a common method used by cybercriminals to gain access to corporate system
About the Author
