Starbucks has disclosed a data breach affecting the personal information of hundreds of employees.
The cybersecurity incident was detected on February 6, when the coffee giant learned of unauthorized access to Starbucks Partner Central accounts.
Partner Central is an online portal used by employees, which the company calls “partners”, to manage their personal information, payroll, and benefits data.
Based on the limited information shared by the company, it appears that its systems have not been directly targeted and its networks have not been compromised.
[ Read: Michelin Confirms Data Breach ]
An investigation found that hackers accessed Starbucks Partner Central accounts after obtaining user credentials through a phishing attack that leveraged fake websites designed to mimic the portal.
“Based on our investigation, we understand that some of your personal information, including your name and social security number, date of birth, and financial account number and routing number, may have been accessed by an unauthorized third party,” the company said in a notification to impacted employees.
Law enforcement has been informed about the incident and affected employees are being offered free identity protection services.
According to a data breach notification filed with the Maine Attorney General’s Office, the incident affects nearly 900 Starbucks employees. The company has more than 200,000 workers in the United States.
The notification also revealed that the unauthorized access to employee accounts occurred between January 19 and February 11.
Related: Starbucks Singapore Says Customer Database Breached
Related: SQL Injection Vulnerability Exposed Starbucks Financial Records
