Overview
- The company disclosed the incident in regulator filings and notices to staff, confirming unauthorized access to Partner Central accounts used for HR, payroll, and benefits.
- Attackers accessed affected accounts between January 19 and February 11, while Starbucks detected suspicious activity on February 6.
- Exposed information may include names, Social Security numbers, dates of birth, and financial account and routing numbers.
- Starbucks notified law enforcement and is providing two years of Experian IdentityWorks identity theft protection and credit monitoring to affected employees.
- Based on the company’s limited disclosures reported by outlets, core networks do not appear to have been directly breached, with the timeline leaving why access continued after detection unresolved.