Security

Starbucks Reveals Security Breach Impacting Hundreds of Workers

Published

1 hour ago

March 13, 2026

Starbucks Data Breach Exposes Employee Information

A recent data breach at Starbucks has impacted hundreds of employees, with threat actors gaining unauthorized access to Starbucks Partner Central accounts.

Starbucks, known as the world’s largest coffeehouse chain, employs over 380,000 individuals, referred to as partners, and operates thousands of stores across numerous countries.

According to data breach notification letters sent out by the company, the breach was discovered on February 6. An investigation, conducted with cybersecurity experts, revealed that 889 Starbucks Partner Central accounts were compromised. These accounts contain employment details, personal information, benefits, and HR data.

The attackers had access to the affected accounts between January 19 and February 11. Starbucks, however, did not provide a reason for the delay in removing the unauthorized access from its systems.

Starbucks stated, “The investigation has determined that an unauthorized third party accessed certain Starbucks Partner Central accounts after obtaining the login credentials through websites impersonating Partner Central.”

The personal information exposed in the breach includes names, Social Security numbers, dates of birth, and financial account details of the employees.

Upon discovering the breach, Starbucks notified law enforcement and advised employees to monitor their bank accounts for any signs of fraudulent activity or identity theft. The company is offering impacted partners two years of free identity theft protection and credit monitoring through Experian IdentityWorks.

Starbucks took immediate steps to investigate and respond to the incident upon discovery. Law enforcement was notified, and security controls related to access to Starbucks Partner Central accounts were enhanced.

In a similar incident, Starbucks’ Singapore division experienced a data breach affecting over 219,000 customers in September 2022. Additionally, the company was impacted by a Termite ransomware attack in November 2024.

Malware is evolving. Discover insights from The Red Report 2026 on how new threats leverage mathematics to evade detection and remain undetected.

Access our analysis of 1.1 million malicious samples to uncover the top 10 techniques used by cybercriminals and evaluate the effectiveness of your security measures.