CyberSecurityNews

Starbucks Data Breach – Hundreds of Users’ Personal Data Exposed


Starbucks Corporation has confirmed a data breach affecting an undisclosed number of its employees, exposing highly sensitive personal and financial information after unauthorized actors gained access to internal partner accounts through a sophisticated phishing scheme.

On or about February 6, 2026, Starbucks became aware of potential unauthorized access to certain Starbucks Partner Central accounts. Partner Central is the company’s internal portal used by Starbucks employees, referred to internally as “partners.”

Investigators determined that the threat actors obtained valid login credentials by directing employees to fraudulent websites designed to impersonate the legitimate Partner Central login page, a classic adversary-in-the-middle phishing tactic.

Using these harvested credentials, attackers successfully authenticated into real accounts and accessed the personal data stored within.

The breach exposed a wide range of sensitive personal and financial data. According to the official breach notice dated March 10, 2026, the compromised information includes:

  • Full names
  • Social Security Numbers (SSNs)
  • Dates of birth
  • Financial account numbers and routing numbers

According to the Breach Notification filed with Maine’s Attorney General, exposing Social Security numbers and financial account details severely increases the risk of identity theft, fraud, and unauthorized transactions for affected individuals.

Upon learning of the incident, Starbucks launched an internal investigation with the help of leading cybersecurity experts and promptly notified relevant law enforcement authorities.

The company also took immediate steps to strengthen security controls related to access to Partner Central accounts in order to prevent further unauthorized activity.

As a remediation measure, Starbucks is offering all affected partners a complimentary 24-month membership to Experian IdentityWorks, a credit and identity monitoring service.

The offering includes dark web surveillance, credit monitoring, identity restoration specialists, and up to $1 million in identity theft insurance coverage. Affected individuals must enroll by June 30, 2026, to activate the protection.

Starbucks and federal regulatory agencies are urging impacted partners to stay vigilant for the next 12 to 24 months. Key recommended actions include:

  • Monitor financial accounts and credit reports regularly for suspicious activity
  • Place a fraud alert or security freeze with Equifax, Experian, or TransUnion
  • Change passwords for any accounts sharing credentials with Partner Central
  • Avoid clicking links in unsolicited emails requesting personal information

This incident highlights the persistent threat posed by credential phishing campaigns targeting corporate portals. Employees with access to sensitive HR and financial data remain high-value targets, and organizations must enforce phishing-resistant multi-factor authentication (MFA) on all internal systems to mitigate such attacks.
