Caribou Coffee notified customers of a payment card breach that hit more than 260 of its stores in the United States.
A payment card breach hit over 260 Caribou Coffee stores. The company, owned by German JAB Holding Company, detected the intrusion on November 28. Caribou Coffee also informed the FBI of the security breach.
The company revealed that the incident impacts 217 of its stores in Minnesota and 48 stores across Colorado, Florida, Georgia, Iowa, Kansas, Missouri, North Carolina, North Dakota, South Dakota, and Wisconsin.
Caribou Coffee hired Mandiant to investigate the payment card breach. Experts discovered that attackers had access to the company’s systems between August 28 and December 3, 2018.
“On November 28, 2018, we identified unusual activity on our network through our information security monitoring processes. Upon identifying this issue, we began working with Mandiant, a leading cyber security firm, to understand the scope of the incident and determine whether there had been any unauthorized access.” reads the data breach notification.
“On November 30, 2018, Mandiant reported that it detected unauthorized access to our point of sale systems, exposing some of our customers’ data. Mandiant worked with us to contain the breach and ensure that the unauthorized access was stopped immediately. At this time, we are confident that the breach has been contained.”
Compromised records include names and payment card information, including card number, expiration date, and card security code. According to Caribou Coffee, payments made through Perks or other loyalty accounts are not affected. Orders placed online with Bruegger’s Bagels, Einstein Bros. Bagels, Manhattan Bagel, and Noah’s NY Bagels are not affected either.
The company recommends that customers review their credit and debit card statements for any unauthorized charges.
“Please be assured that we are closely monitoring our systems, data, and account access as we always do. Additionally, we are making the necessary changes to strengthen our network against any future attacks, and improve our payment systems to protect your information going forward,” Caribou Coffee added.
“We also are in regular communication with the credit card companies and will provide them with the information necessary to notify the banks that may have issued the affected payment cards.”
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".