Cyber Incident Victim: Caribou Coffee
Date: Aug 2018
Location: United States of America
Summary
A US coffee chain experienced unauthorized access to point-of-sale systems at approximately 40% of its locations, compromising payment card details of customers who made in-store purchases over several months. The breach exposed names, card numbers, expiration dates, and security codes, though online transactions remained unaffected. Internal security monitoring detected anomalous network activity, prompting engagement with cybersecurity experts who confirmed the intrusion days later. The company stated the incident had been contained and collaborated with credit card firms to notify affected financial institutions, while law enforcement agencies investigated the matter.
Description
Caribou Coffee disclosed a security breach on December 20, 2018, after detecting unauthorized access to point-of-sale (POS) systems across 239 of its 603 US locations, representing approximately 40% of its stores. The company's internal security monitoring processes identified unusual network activity on November 28, 2018, prompting immediate investigation. Within two days, cybersecurity firm Mandiant confirmed attackers had compromised POS systems and potentially accessed customer payment data from transactions occurring between August 28 and December 3, 2018. Exposed information included customer names, credit/debit card numbers, expiration dates, and card security codes. The company maintained that online payments processed through its website remained unaffected due to separation from in-store POS infrastructure. Caribou Coffee published a store-specific breach notice on its homepage, advising impacted customers to monitor financial statements and consider card replacements.

The coffee chain engaged Mandiant to investigate and contain the breach, announcing confidence in containment by the disclosure date. Caribou Coffee established communication channels with credit card networks to facilitate bank notifications regarding compromised payment cards. Federal law enforcement agencies including the FBI joined the investigation, though no attribution or motive for the attack was disclosed publicly. Company officials confirmed the breach timeframe aligned with Mandiant's forensic analysis, which identified no evidence of continued unauthorized access beyond December 3. No customer count or financial loss estimates were provided in the initial disclosure. The incident marked one of several high-profile retail POS breaches investigated during late 2018, though Caribou Coffee emphasized its payment website systems remained segregated and uncompromised throughout the event.
