Starbucks Data Breach Impacts Employees

Starbucks has disclosed a data breach affecting the personal information of hundreds of employees.  The cybersecurity incident was detected on February 6, when the coffee giant learned of unauthorized access to Starbucks Partner Central accounts. Partner Central is an online portal used by employees, which the company calls “partners”, to manage their personal information, payroll, and benefits data. Based on the limited information shared by the company, it appears that its systems have not been directly targeted and its networks have not been compromised. [ Read: Michelin Confirms Data Breach ] An investigation found that hackers accessed Starbucks Partner Central accounts after obtaining user credentials through a phishing attack that leveraged fake websites designed to mimic the portal. “Based on our investigation, we understand that some of your personal information, including your name and social security number, date of birth, and financial account number and routing number, may have been accessed by an unauthorized third party,” the company said in a notification to impacted employees. Law enforcement has been informed about the incident and affected employees are being offered free identity protection services. According to a data breach notification filed with the Maine Attorney General’s Office, the incident affects nearly 900 Starbucks employees. The company has more than 200,000 workers in the United States.  The notification also revealed that the unauthorized access to employee accounts occurred between January 19 and February 11.  Related: Starbucks Singapore Says Customer Database Breached Related: SQL Injection Vulnerability Exposed Starbucks Financial Records WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet Apple Updates Legacy iOS Versions to Patch Coruna Exploits Meta Launches New Protection Tools as It Helps Disrupt Scam Centers Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack Wiz Joins Google Cloud as Landmark Acquisition Closes OpenAI to Acquire AI Security Startup Promptfoo Latest News Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact Security Firm Executive Targeted in Sophisticated Phishing Attack China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation Threat Actor Targeting VPN Users in New Credential Theft Campaign ForceMemo: Python Repositories Compromised in GlassWorm Aftermath Hacking Attempt Reported at Poland’s Nuclear Research Center Loblaw Data Breach Impacts Customer Information Critical HPE AOS-CX Vulnerability Allows Admin Password Resets Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Virtual Event: Supply Chain Security And Third-Party Risk Summit March 18, 2026 Join the event where top security experts unpack the biggest software supply chain risks. Register People on the Move The US Senate has confirmed Army Lt. Gen. Joshua Rudd to lead NSA and CYBERCOM. Business software company Rippling has appointed Adrian Ludwig as CSO. Orca Security has named Rachel Nislick as Chief Marketing Officer. More People On The Move Expert Insights The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How To Eliminate The Technical Debt Of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Email