Starbucks has revealed a data breach that exposed sensitive personal information belonging to hundreds of its employees after attackers gained access to internal accounts used by staff.
The coffee chain said the breach affected 889 Starbucks Partner Central accounts. Partner Central is the company’s internal platform where employees manage employment details, personal information, benefits, and other human resources-related data.
Starbucks discovered the incident on February 6, 2026, and launched an investigation with external cybersecurity experts. The company later determined that the attackers had access to the affected accounts between January 19 and February 11.
According to Starbucks, the attackers gained access by stealing login credentials through phishing websites that impersonated the official Partner Central portal. Once the credentials were obtained, the threat actors were able to log in to employee accounts and view sensitive information.
The exposed data may include employee names, Social Security numbers, dates of birth, and financial account and routing numbers. Because of the sensitive nature of the information, the company warned affected employees to watch for suspicious financial activity that could indicate fraud or identity theft.
Starbucks has notified law enforcement about the breach and says it has taken steps to strengthen security controls around access to Partner Central accounts. The company is also offering two years of free credit monitoring and identity theft protection through Experian IdentityWorks to employees impacted by the incident.
Starbucks did not explain why it took several days to remove the attackers after discovering the breach. The company said it is continuing to monitor its systems while improving security protections.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
The latest incident adds to some past security issues linked to the company. In 2022, Starbucks’ Singapore division confirmed a data breach affecting more than 219,000 customers after a third-party vendor’s systems were compromised. In 2024, Starbucks was also affected by a ransomware attack targeting Blue Yonder, a software provider that manages the company’s supply chain operations.
