Starbucks Data Breach Impacts Employees

Starbucks has confirmed a data breach impacting the personal information of hundreds of its employees, highlighting the ongoing risks of phishing attacks targeting corporate portals.

The breach, detected on February 6, 2026, involved unauthorized access to Starbucks Partner Central accounts—the company’s online portal for employees (“partners”) to manage personal details, payroll, and benefits. While Starbucks’ corporate networks were not compromised, attackers gained access to individual accounts by using phishing campaigns and fake websites designed to mimic the portal.

“Based on our investigation, some personal information, including names, Social Security numbers, dates of birth, and bank account details, may have been accessed by unauthorized third parties,” the company notified affected employees. Starbucks has informed law enforcement and is offering free identity protection services to those impacted.

According to a breach notification filed with the Maine Attorney General’s Office, nearly 900 employees were affected. Unauthorized access occurred between January 19 and February 11, 2026. Starbucks employs more than 200,000 people across the U.S., meaning this incident impacted a small fraction of its workforce, but raised concerns about credential-based attacks.

The company emphasized that its core systems were not directly targeted, and the breach did not involve a network compromise. Security experts note that attacks exploiting employee portals through phishing remain a common threat vector for large organizations.