Caribou Coffee announced a security breach today following the discovery of unauthorized access to its point of sale (POS) systems by the US coffee shop chain.
The company listed 239 stores of its 603 locations, which account for approximately 40 percent of all its sites.
All customers who used a credit or debit card in one of the stores between 28 August 2018 and 3 December 2018 should take into account their card details and take precautions, such as requesting a replacement card, reviewing credit card reports and registering for identity protection programs.
Users can view the list of impacted stores via the company’s notice of data breach posted on their homepage.
Caribou Coffee officials said they found something wrong last month, on 28 November, when their IT personnel were alerted to “unusual activity ” in their network through their security monitoring processes.
The company said it worked with Mandiant experts, a cyber-security company specializing in the investigation of data breaches. Two days later, Mandiant informed Caribou Coffee that it had discovered unauthorized access to the POS system of the company, which also exposed certain customer data from the coffee shop.
Caribou Coffee said that intruders could have exposed and collected names, card numbers, expiration dates and card security codes (monitor websites visited on home network). Card payments made via the website of the company have not been affected, as this payment system is separate from the POS systems in the store. “We are confident that the breach was contained at this time, ” said the officials of Caribou Coffee.”
We also communicate regularly with credit card companies and provide them with the necessary information to notify the banks that may have issued the payment cards. “