Caribou Coffee informed customers this week that more than 260 of its stores in the United States were hit by a data breach that resulted in the exposure of payment card information.
According to Caribou Coffee, which is headquartered in Minnesota but owned by German conglomerate JAB Holding Company, the breach was detected on November 28 when its cybersecurity systems detected unusual activity.
An analysis conducted by Mandiant, which Caribou Coffee called in to investigate the incident, revealed that the attackers had access to the company’s systems between August 28 and December 3, 2018.
The attackers may have stolen names and payment card information, including card number, expiration date, and card security code. Caribou Coffee pointed out that payments made through Perks or other loyalty accounts are not affected, and neither are orders placed online with Bruegger’s Bagels, Einstein Bros. Bagels, Manhattan Bagel, and Noah’s NY Bagels.
The coffee company says the breach impacts 217 of its stores in Minnesota and 48 stores across Colorado, Florida, Georgia, Iowa, Kansas, Missouri, North Carolina, North Dakota, South Dakota, and Wisconsin.
According to its website, there are over 270 company-owned stores in the United States, which suggests that a vast majority, if not all, Caribou Coffee locations are impacted by the breach.
Caribou Coffee says it’s confident that the breach has been contained. The company says the FBI has also been informed of the incident.
“Please be assured that we are closely monitoring our systems, data, and account access as we always do. Additionally, we are making the necessary changes to strengthen our network against any future attacks, and improve our payment systems to protect your information going forward,” Caribou Coffee stated. “We also are in regular communication with the credit card companies and will provide them with the information necessary to notify the banks that may have issued the affected payment cards.”