Pierluigi Paganini December 21, 2018

Caribou Coffee notified customers a payment card breach that hit more than 260 of its stores in the United States.

A payment card breach hit over 260 Caribou Coffee stores, the company
owned by German JAB Holding Company detected the intrusion on November 28. Caribou Coffee also informed the FBI of the security breach.

The company revealed that the incident impacts 217 of its stores in Minnesota and 48 stores across Colorado, Florida, Georgia, Iowa, Kansas, Missouri, North Carolina, North Dakota, South Dakota, and Wisconsin.

Caribou Coffee hired Mandiant to investigate the payment card breach, experts discovered that attackers had access to the company’s systems between August 28 and December 3, 2018.

“On November 28, 2018, we identified unusual activity on our network through our information security monitoring processes. Upon identifying this issue, we began working with Mandiant, a leading cyber security firm, to understand the scope of the incident and determine whether there had been any unauthorized access.” reads the data breach notification.

“On November 30, 2018, Mandiant reported that it detected unauthorized access to our point of sale systems, exposing some of our customers’ data. Mandiant worked with us to contain the breach and ensure that the unauthorized access was stopped immediately. At this time, we are confident that the breach has been contained.”

Compromised records include names and payment card information, including card number, expiration date, and card security code. According to Caribou Coffee, payments made through Perks or other loyalty accounts are not affected. Orders placed online with Bruegger’s Bagels, Einstein Bros. Bagels, Manhattan Bagel, and Noah’s NY Bagels are not affected too.

The company recommends customers to review their credit and debit card statements for any unauthorized charges.

“Please be assured that we are closely monitoring our systems, data, and account access as we always do. Additionally, we are making the necessary changes to strengthen our network against any future attacks, and improve our payment systems to protect your information going forward,” Caribou Coffee added.

“We also are in regular communication with the credit card companies and will provide them with the information necessary to notify the banks that may have issued the affected payment cards.”

Pierluigi Paganini

(SecurityAffairs – Caribou Coffee, data breach)

[adrotate banner=”5″] [adrotate banner=”13″]