Cyber Incident Victim: International Coffee & Tea

International Coffee & Tea, LLC experienced an external system breach through hacking on April 5, 2024, though the intrusion was not discovered until June 6, 2024—a 62-day gap between occurrence and detection. The breach compromised personal identifiers of 53,901 individuals nationwide, including 11 residents of Maine. No evidence suggested the breach involved physical records or internal misuse, as the compromise was explicitly attributed to external threat actors targeting digital systems. The organization, headquartered at 550 S. Hope Street in Los Angeles, California, classified the incident under "Other Commercial" entity types in its breach notification to Maine authorities. Adam Berger, Senior Legal Counsel for Jollibee Foods (implied as a parent or affiliated entity through his email domain), submitted the notification on behalf of International Coffee & Tea, confirming his role as the responsible legal contact for breach disclosures.

Affected individuals received written notifications on December 19, 2024—196 days after discovery and 258 days post-breach—with Maine-specific notices documented in a PDF titled "International_Coffee_&_Tea,_LLC_-_Notice_of_Data_Event_-_ME.pdf." The company offered one year of credit monitoring services to impacted persons, though the notification did not specify the provider. International Coffee & Tea confirmed no prior breach notifications within the preceding 12 months, indicating this was an isolated incident within that timeframe. The breach did not meet Maine's threshold for mandatory reporting to consumer reporting agencies, as only 11 residents were affected, well below the 1,000-resident trigger requiring such alerts. No additional details regarding attack vectors, data restoration timelines, or forensic investigation outcomes were disclosed in the submission.