Starbucks Data Breach Exposes SSNs and Financial Account Information

On Feb. 6, 2026, Starbucks Corporation (dba Starbucks Coffee Company) discovered unauthorized access to certain Starbucks Partner Central accounts. The breach affected a total of 889 individuals in the United States, including five in Maine.

The breach was a result of an outside party that obtained login credentials via websites impersonating Partner Central, which enabled them to access employee accounts. This type of attack is commonly known as phishing, where attackers create fake websites that closely resemble legitimate ones in order to steal credentials.

The information exposed included personally identifiable information (PII): name, Social Security number, date of birth, financial account number and routing number.

The company became aware of the incident on Feb. 6, 2026, and after an internal investigation with the help of cybersecurity experts, determined that the attacker had accessed accounts by tricking users into entering their credentials on fake websites.

The breach was officially disclosed to the Maine Attorney General on March 12, 2026, and affected individuals were notified by written letter on March 10, 2026.

Starbucks Coffee Company's response

To support those affected, Starbucks is offering 24 months of complimentary access to Experian IdentityWorks, which includes credit monitoring, internet surveillance for personal information on the dark web, identity restoration services and $1 million in identity theft insurance.

Affected individuals do not need a credit card to enroll in the service and can access identity restoration assistance immediately.

The company has also provided guidance on monitoring financial accounts, changing passwords, placing fraud alerts and requesting security freezes with credit bureaus.

Given the nature of the breach, those affected should be vigilant for suspicious activity on their accounts and be cautious of phishing attempts or unsolicited communications. It is especially important for anyone who used the same password for Partner Central and other accounts to change those passwords immediately.