Starbucks Data Breach Exposes Personal Information of Hundreds of Employees

What happened

Starbucks disclosed a data breach affecting nearly 900 employees after attackers gained unauthorized access to accounts on the company’s Partner Central employee portal. The breach was discovered on February 6, 2026, and investigators determined that the attackers obtained employee login credentials through phishing websites designed to mimic the Partner Central portal. Using those credentials, the attackers accessed employee accounts between January 19 and February 11. According to breach notifications, exposed data may include employee names, Social Security numbers, dates of birth, and bank account and routing numbers stored in the portal. Starbucks said its corporate network was not directly compromised and that the intrusion was limited to accounts accessed through stolen credentials. The company notified law enforcement and is offering affected employees identity protection services. 

Who is affected

Nearly 900 Starbucks employees whose Partner Central accounts were accessed during the incident may have had personal and financial information exposed. 

Why CISOs should care

The breach highlights how phishing campaigns targeting employee portals can expose sensitive HR and payroll data even when core enterprise networks are not directly compromised. 

3 practical actions

  1. Monitor employee portals for suspicious logins. Review authentication activity for unauthorized access attempts or abnormal login locations. 
  2. Strengthen phishing defenses. Implement training and technical controls to prevent credential harvesting through spoofed login pages. 
  3. Protect exposed employees. Provide identity monitoring and fraud protection services for affected individuals. 
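
For action 1, one way to review portal authentication activity, as an added example that is not from Starbucks or the original article: it flags successful logins from a country never seen for that user during a baseline period, and a single source IP that signs in to several accounts within an hour. The event fields, account names, addresses, country codes, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real log data:
# (timestamp, user, source IP, country code, result). "ZZ" is a placeholder code.
SAMPLE_EVENTS = [
    ("2026-01-05T08:01:00", "partner_a", "198.51.100.10", "US", "success"),
    ("2026-01-06T08:03:00", "partner_b", "198.51.100.22", "US", "success"),
    ("2026-01-07T09:15:00", "partner_c", "198.51.100.31", "US", "success"),
    ("2026-01-19T02:11:00", "partner_a", "203.0.113.7", "ZZ", "success"),
    ("2026-01-19T02:14:00", "partner_b", "203.0.113.7", "ZZ", "success"),
    ("2026-01-19T02:19:00", "partner_c", "203.0.113.7", "ZZ", "failure"),
    ("2026-01-20T08:02:00", "partner_a", "198.51.100.10", "US", "success"),
]


def find_suspicious_logins(events, baseline_end, fanout_threshold=2,
                           window=timedelta(hours=1)):
    """Flag successful logins after baseline_end that look like stolen-credential use."""
    cutoff = datetime.fromisoformat(baseline_end)
    known = defaultdict(set)   # user -> countries seen during the baseline
    by_ip = defaultdict(list)  # source IP -> recent (time, user) successful logins
    alerts = []
    for ts, user, ip, country, result in sorted(events):
        if result != "success":
            continue
        when = datetime.fromisoformat(ts)
        if when <= cutoff:
            known[user].add(country)
            continue
        # Signal 1: login from a country this user never used in the baseline.
        # Accounts with no baseline history are flagged too, so they get a manual look.
        if country not in known[user]:
            alerts.append(("new_country", user, ip, ts))
        # Signal 2: one source IP signing in to several accounts inside the window.
        recent = [(t, u) for t, u in by_ip[ip] if when - t <= window]
        recent.append((when, user))
        by_ip[ip] = recent
        if len({u for _, u in recent}) >= fanout_threshold:
            alerts.append(("ip_fanout", user, ip, ts))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_EVENTS, "2026-01-10T00:00:00"):
        print(alert)
```

Shared egress addresses such as store or office networks will trip the fan-out signal, so the threshold and any allowlist need tuning against real traffic before alerting on it.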
