A cybersecurity incident has been reported by Starbucks after attackers gained unauthorized access to a company platform containing sensitive employee information. The breach exposed the personal and financial data of 889 individuals, raising concerns about possible identity theft risks for those affected.
The incident involved the company’s internal system known as Starbucks Partner Central, a platform used to manage human resources, payroll and employee benefits. Although the number of affected users represents a small portion of the company’s global workforce, the type of information accessed is considered highly sensitive.
According to a data breach notification submitted to the Office of the Maine Attorney General on March 10, 2026, the attack specifically targeted Partner Central accounts. The unauthorized activity took place over a 3-week period in early 2026.
Based on the official disclosure filed by Allison Sopko, Director of Privacy North America at Starbucks, the attackers initially gained access on January 19, 2026. The company’s security team detected the suspicious activity on February 6 and successfully removed the attackers’ access from the network by February 11.
A joint investigation carried out by Starbucks and external cybersecurity experts revealed that the attackers used credential harvesting techniques. Employees were reportedly directed to fraudulent phishing websites that were designed to imitate the legitimate Starbucks Partner Central login portal.
Since the compromised accounts handled critical employment and payroll information, the breach exposed more than just basic contact details. The attackers gained access to sensitive personal information including employees’ full names, dates of birth and Social Security numbers. They were also able to view financial account numbers and banking routing numbers connected to direct deposit records.
After identifying the breach, Starbucks immediately blocked unauthorized access, informed federal law enforcement authorities and strengthened its internal security controls for the employee portal.
The company has also announced support measures for the affected individuals. Impacted employees will receive 24 months of free identity theft protection and credit monitoring services through Experian Credit Plus 1B.
This incident adds to a series of cybersecurity challenges faced by the coffee chain in recent years. In November 2024, a ransomware attack on Blue Yonder, a third-party supply chain and scheduling software provider, disrupted operations and forced store managers to manually track employee work hours.
Earlier, in September 2022, the company’s Singapore division experienced a separate breach that exposed personal details of more than 219,000 customers after a vendor’s system was compromised and later sold on hacker forums.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
