Caribou Coffee suffers data breach at more than half of its US locations

Caribou Coffee suffers data breach

On Dec. 20, it was reported that Caribou Coffee suffered a data breach that affected 66 percent of its United States-based stores. The Brooklyn Center, Minnesota-based chain posted a data security notice alerting customers that the point-of-sale systems at 265 of its 400 American locations had been affected. As such, customers who used payment cards to make purchases at its stores had their card data stolen by unauthorized intruders.

Caribou’s IT team discovered troubling activity within the corporate network on Nov. 28. Following an investigation by data security company Mandiant, the corporation found that its POS system was compromised from Aug. 28 to Dec. 3. The hack affected stores in Colorado, Florida, Georgia, Iowa, Kansas, Minnesota, Missouri, North Carolina, North Dakota, South Dakota, and Wisconsin.

As per Caribou’s data security notice, it’s recommended that customers who visited the affected cafés during the vulnerability period review their bank statements for unauthorized transactions and request new cards from their banks.

Manage your supply chain from home with Sourcengine

The Fallout of Major Data Breaches

While Caribou is still in the making disclosures phase of the corporate data breach cycle, at some point it’s going to move into the consequences phase. And when that happens, America’s fourth-largest coffee chain may be in for some real trouble.

Earlier this month, hotel franchise Marriott disclosed that as a result of a data breach, 500 million of its guests had their personal data exposed. As a result, experts are estimating that the hotelier will be on the hook for between $200 million to $1 billion in fines. And, depending on the outcome to recently launched class-action suits, Marriott might have to pay out an additional $12.5 billion in damages.

The American Data Security Problem is Only Getting Worse

Although Caribou is the latest high-profile corporate data breach victim, it’s certainly not going to be the last. Norton Security released a report noting that cyber thieves will steal an estimated 33 billion personal records, including social security numbers and credit card info, in 2023, up from 16 billion in 2018. And more than half of those records will belong to people living in the United States.

America’s data security problems extend past identity theft. In October, it was reported that microchips manufactured in China were secretly equipped with components that would allow third-party backdoor access to any system they were installed in. And the company that unknowingly supplied the subverted chips had contracts with Amazon, Apple, and the U.S. Department of Defense.

Given the scope and severity of the problem, both governmental organizations and the private sector will need to redouble their efforts to protect America’s most sensitive data. Because as these recent data breaches have shown, the consequences of not doing so can be utterly devastating.