Starbucks says the personal data of some customers in Singapore has been compromised, including names, dates of birth and mobile numbers. Although credit card details and passwords were not leaked, he advised customers to change their passwords.
The US F&B chain emailed multiple customers on Friday notifying them it had detected “unauthorized activity online” as well as “some unauthorized access to customer data.” These include names, dates of birth, mobile numbers and residential addresses if personal data has been provided to Starbucks.
It said details related to its Rewards customer loyalty program, such as stored value and credits, were not affected. Credit card data was also not compromised because they did not store such information, according to Starbucks.
The merchant said local authorities have been informed and are assisting them with the security incident. Although passwords were not compromised, the company urged its customers to reset their passwords immediately.
ZDNET understands that the hackers are now distributing the data on an online forum that specializes in trading stolen databases. In a September 10 post, the hackers claimed to have access to Starbucks Singapore’s “full database” of more than 553,000 records and offered a sample dump.
In its email, Starbucks said it has put additional measures in place to protect customer information, but did not provide details on what those include.
ZDNET contacted the US retailer for more information, including how many customers were affected by the breach, what systems were breached and when the breach was first discovered. This article will be updated if and when Starbucks responds.