Starbucks Corporation recently disclosed a targeted cybersecurity incident that compromised the personal and financial information of 889 individuals.
According to a data breach notification filed with the Office of the Maine Attorney General on March 10, 2026, the breach specifically targeted Starbucks Partner Central accounts.
The company uses this internal platform to manage human resources, employee benefits, and payroll details.
While the number of impacted users represents a small fraction of the company’s global workforce, the highly sensitive nature of the exposed employment data poses a severe identity theft risk for the affected personnel.
Incident Timeline and Attack Vector
The unauthorized access occurred over a three-week window in early 2026.
Based on the official disclosure submitted by Allison Sopko, the Director of Privacy North America at Starbucks, threat actors first breached the systems on January 19, 2026.
The company’s security teams detected the unauthorized activity on February 6 and fully revoked the attackers’ access to the network by February 11.
A joint investigation conducted by Starbucks and external cybersecurity experts revealed that the threat actors utilized credential harvesting techniques.
The attackers successfully obtained employee login credentials by directing victims to fraudulent phishing websites that were explicitly designed to impersonate the legitimate Starbucks Partner Central portal.
Because the compromised accounts govern vital employment and payroll details, the exposed information extends significantly beyond basic contact data.
The threat actors gained unauthorized access to highly sensitive personally identifiable information, including employees’ full names, dates of birth, and Social Security numbers.
Furthermore, the attackers were able to view financial account numbers and banking routing numbers associated with direct deposit records.
Upon discovering the breach, Starbucks immediately terminated all unauthorized access, alerted federal law enforcement agencies, and strengthened its internal security controls for the employee portal.
The company is also providing all impacted individuals with 24 months of complimentary identity theft protection and credit monitoring services through Experian Credit Plus 1B.
This credential harvesting incident follows a series of notable cybersecurity challenges for the global coffeehouse chain.
In November 2024, Starbucks suffered severe operational disruptions due to a ransomware attack on Blue Yonder, a third-party supply chain and scheduling software provider.
That incident forced store managers to manually track employee hours and disrupted backend processes essential for barista compensation.
Furthermore, in September 2022, the company’s Singapore division experienced a significant breach that exposed the personal details of over 219,000 customers after a vendor’s systems were compromised and the data was sold on hacker forums.