[BreachExchange] Caribou Coffee chain announces card breach impacting 239 stores
Inga Goddijn
inga at riskbasedsecurity.com
Fri Dec 21 09:59:12 EST 2018
https://www.zdnet.com/article/caribou-coffee-chain-announces-card-breach-impacting-239-stores/
US coffee store chain Caribou Coffee announced a security breach today
after it discovered unauthorized access of its point of sale (POS) systems.
The company listed 239 stores of its total 603 locations as impacted, which
roughly amounts to 40 percent of all its sites.
All customers who used a credit or debit card at one of the affected stores
between August 28, 2018, and December 3, 2018, should consider their card
details compromised and take precautions such as asking for a card
replacement, reviewing credit card reports, and enrolling in identity
protection programs.
Users can consult the list of impacted stores via the company's data breach
notice
<https://assets.coffeeandbagels-static.com/cariboucoffee/Data-Security-Notice.pdf>,
posted on its homepage.
Caribou Coffee officials said they detected that something was wrong last
month, on November 28, when its IT staff was alerted of "unusual activity"
on its network via its security monitoring processes.
The company said it worked with experts from Mandiant, a cyber-security
firm specialized in investigating data breaches. Two days later, Mandiant
informed Caribou Coffee that it discovered unauthorized access of the
company's POS system that also exposed some of the coffee store's customer
data.
Caribou Coffee said that names, card numbers, expiration dates, and card
security codes might have been exposed and collected by intruders.
Card payments made through the company's website were not affected, as this
payment system is separate from in-store POS systems.
"At this time, we are confident that the breach has been contained," said
Caribou Coffee officials. "We also are in regular communication with the
credit card companies and will provide them with the information necessary
to notify the banks that may have issued the affected payment cards."
The FBI is also on the case.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20181221/863878e2/attachment.html>
More information about the BreachExchange
mailing list