Starbucks Data Breach Exposes Personal Data of Hundreds of Users

Starbucks Corporation disclosed a targeted cybersecurity incident on February 6, 2026, impacting approximately 900 employees. This breach compromised their personal and financial information via unauthorized access to the Starbucks Partner Central internal platform, which manages HR, benefits, and payroll systems.

The breach originated from credential harvesting, where attackers directed employees to counterfeit Partner Central login pages designed to steal valid credentials. Once obtained, these credentials granted access to highly sensitive data including full names, dates of birth, Social Security numbers, and direct deposit banking details.

Starbucks detected the intrusion on February 6 and immediately severed the attackers’ network access by February 11, 2026. Following this, the company notified federal authorities and enhanced its portal’s security controls. In response, Starbucks is providing affected personnel with 24 months of complimentary identity theft protection and credit monitoring services.

This incident follows previous security challenges for the company, including a 2024 ransomware attack on the supply chain software provider Blue Yonder that caused operational disruptions, and a 2022 vendor breach exposing over 200,000 customer details.

TocfWm dz yujOm piO

Related Articles

Back to top button