- Customers who used payment cards at the affected stores between August 28 and December 3, 2018 are suspected to have been impacted in the breach.
- The compromised information includes customers’ names, credit card numbers, expiration dates and payment card security code.
US coffee store chain Caribou Coffee has disclosed a data breach that may have affected about 239 stores located in 693 locations. The accounts for 40 percent of the total company’s coffee stores located worldwide.
Discovery of the hack
In a data breach notice, the firm said that, on November 28, it discovered suspicious activities on its network. It hired forensic experts to conduct a thorough investigation. On November 30, the experts' found that hackers had gained unauthorized access to the company’s point of sale (POS) systems.
“Upon identifying this issue, we began working with Mandiant, a leading cyber security firm, to understand the scope of the incident and determine whether there had been any unauthorized access. On November 30, 2018, Mandiant reported that it detected unauthorized access to our point of sale systems, exposing some of our customers’ data. Mandiant worked with us to contain the breach and ensure that the unauthorized access was stopped immediately. At this time, we are confident that the breach has been contained,”said the firm in its breach notice.
Type of information compromised
Customers who used credit or debit cards at the affected stores between August 28, 2018 and December 3, 2018 are suspected to have been impacted in the breach.
The compromised information includes customers’ names, credit card numbers, expiration dates and payment card security code. However, the company has confirmed that no Caribou Coffee Perks account or other loyalty account was affected in the hack.
In addition, any catering orders placed online through Bruegger’s Bagels, Einstein Bros. Bagels, Manhattan Bagel and Noah’s NY Bagels were also not impacted in the breach.
Containing the breach
The Caribou Coffee has informed the law enforcement agencies about the breach. It is working closely with the agencies to resolve the issue. In addition, the firm is also planning to implement additional security measures to strengthen the security of the networks against any future attacks.