A payment card breach hit over 260 Caribou Coffee stores, the company
owned by German JAB Holding Company detected the intrusion on November 28. Caribou Coffee also informed the FBI of the security breach.
The company revealed that the incident impacts 217 of its stores in Minnesota and 48 stores across Colorado, Florida, Georgia, Iowa, Kansas, Missouri, North Carolina, North Dakota, South Dakota, and Wisconsin.
Caribou Coffee hired Mandiant to investigate the payment card breach, experts discovered that attackers had access to the company’s systems between August 28 and December 3, 2018.
“On November 28, 2018, we identified unusual activity on our network through our information security monitoring processes. Upon identifying this issue, we began working with Mandiant, a leading
“On November 30, 2018, Mandiant reported that it detected unauthorized access to our point of sale systems, exposing some of our customers’ data. Mandiant worked with us to contain the breach and ensure that the unauthorized access was stopped immediately. At this time, we are confident that the breach has been contained.”
Compromised records include names and payment card information, including card number, expiration date, and card security code. According to Caribou Coffee, payments made through Perks or other loyalty accounts are not affected. Orders placed online with Bruegger’s Bagels, Einstein Bros. Bagels, Manhattan Bagel, and Noah’s NY Bagels are not affected
The company recommends customers to review their credit and debit card statements for any unauthorized charges.
“Please be assured that we are closely monitoring our systems, data, and account access as we always do. Additionally, we are making the necessary changes to strengthen our network against any future attacks, and improve our payment systems to protect your information going forward,” Caribou Coffee added.
“We also are in regular communication with the credit card companies and will provide them with the information necessary to notify the banks that may have issued the affected payment cards.”
(SecurityAffairs – Caribou Coffee, data breach)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.