Cyber Incident Victim: Starbucks Corporation
Date:
Jan 2026
Location:
United States of America
Summary
Starbucks disclosed a data breach that exposed personal information of hundreds of employees after attackers gained access to Partner Central accounts through a phishing campaign using fake versions of the employee portal. The compromised data may include names, social security numbers, dates of birth, and bank account details. Law enforcement was notified and the company is providing affected workers with complimentary identity protection services. A filing with the Maine Attorney General’s Office indicates that nearly nine hundred staff members were impacted.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Starbucks disclosed a data breach affecting employee personal information after detecting unauthorized access to its Partner Central portal on February 6, 2026. The company learned that attackers had obtained employee credentials through a phishing campaign that used fake websites designed to mimic the Partner Central login page. With those stolen credentials, the attackers gained access to employee accounts and viewed personal data stored in the portal. According to Starbucks’ investigation, the unauthorized access occurred over a period spanning from January 19 to February 11, 2026, during which the attackers were able to retrieve information from the compromised accounts. The company emphasized that its core systems and networks were not directly targeted or compromised in the incident.
The breach impacted nearly 900 Starbucks employees, a subset of the company’s more than 200,000 workers in the United States. The personal information that may have been accessed includes names, social security numbers, dates of birth, and financial account numbers along with routing numbers. Starbucks stated that, based on the limited information shared, there was no indication that the attackers had moved beyond the Partner Central accounts to other internal systems. In response to the incident, Starbucks notified the Maine Attorney General’s Office as required by data breach disclosure laws and informed law enforcement about the unauthorized access. Affected employees were offered free identity protection services to help mitigate potential harm from the exposed data.
Starbucks’ notification to impacted employees explained that the company had conducted an investigation to determine the scope of the breach and had taken steps to secure the Partner Central portal against further unauthorized access. The company continued to cooperate with law enforcement officials as they pursued their investigation into the phishing operation. Starbucks also reminded employees to remain vigilant against phishing attempts and to report any suspicious communications. The company’s response focused on transparency, providing support to those affected, and reinforcing security awareness to prevent similar credential‑theft incidents in the future.