Massive Data Breach Hits Caribou Coffee; All Customers Who Transacted From Aug 28 to Dec 3 Affected
Caribou Coffee, a U.S.-based coffeehouse chain with 603 branches, has publicly disclosed that thousands of customer records from at least 219 branches in Minnesota were affected by a data breach. According to the company's official disclosure document, the breach went on for three months straight before it was discovered. Unauthorized access to its servers was detected, and all customers who transacted with the chain between August 28 and December 3 had their credit card number, full name, and other personal information extracted.
“On November 28, 2018, we identified unusual activity on our network through our information security monitoring processes. Upon identifying this issue, we began working with Mandiant, a leading cybersecurity firm, to understand the scope of the incident and determine whether there had been any unauthorized access. On November 30, 2018, Mandiant reported that it detected unauthorized access to our point of sale systems, exposing some of our customers’ data. Mandiant worked with us to contain the breach and ensure that the unauthorized access was stopped immediately. At this time, we are confident that the breach has been contained,” explained John Butcher, Caribou Coffee’s President.
Now that the FBI has joined the investigation, Caribou Coffee hopes to find out exactly how outsiders were able to penetrate its network. The coffee chain will try to contact all customers who transacted with it during the period mentioned above for a consultation.
“Please be assured that we are closely monitoring our systems, data, and account access as we always do. Additionally, we are making the necessary changes to strengthen our network against any future attacks and improve our payment systems to protect your information going forward. We also are in regular communication with the credit card companies and will provide them with the information necessary to notify the banks that may have issued the affected payment cards. Additionally, we are making the necessary changes to strengthen our network against any future attacks, and improve our payment systems to protect your information going forward,” added Butcher.
The coffee shop chain opened a special hotline for affected customers: 1-877-698-3760. It wants patrons to know that better IT security arrangements are in the pipeline to prevent similar incidents from recurring. “We also are in regular communication with the credit card companies and will provide them with the information necessary to notify the banks that may have issued the affected payment cards. We sincerely apologize that this breach occurred and assure you that our team is working to help prevent data security issues from occurring in the future. The privacy and security of your information are very important to us and we remain committed to doing everything we can to maintain the confidentiality of your information. We appreciate your patience and loyalty as a customer,” concluded Butcher.
Caribou Coffee used to operate as an independent coffeehouse business with franchises in 18 US states. It was acquired by JAB, a Luxembourg-based conglomerate, in 2012 for $340 million.
Julia Sowells
Julia Sowells is a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.