The Straits Times discovered that 330,000 Singaporean Starbucks customers’ personal information had been compromised and sold on an online forum since September 10.
On Friday, the coffee chain sent an email to the affected customers informing them of a data breach that had exposed their names, addresses, and email addresses.
Upon being questioned about whether or not its database had been compromised, a spokesman for Starbucks Singapore stated that the coffee shop chain learned of the data breach only on September 13. He also stated that the customers impacted were those who had accounts and had previously made a purchase through the company’s app or online store.
Customers were told in the email that ST saw that their credit card information was safe because Starbucks does not keep that information on file.
Other elements of its customer loyalty program, such as stored values, rewards, and credits, are still intact, the company claimed.
“We immediately took appropriate measures to safeguard customer information. Additionally, we are fully assisting the authorities with their investigation “The spokesperson said.
A Personal Data Protection Commission spokesman said the organization had been informed of the incident in response to questions from ST.
He said, “We are looking into it and have contacted Starbucks for more details.
At the time of publication, one copy of the user data database had already been sold for the listed sum of $3,500.
Four more copies are being made available.
In the upcoming weeks, Mr. Kevin Reed, the chief information security officer of the cyber-security company Acronis, warned those affected to be on the lookout for phishing or scam attempts.
“I would advise anyone who received the Starbucks email to carefully review any correspondence they receive from individuals or organizations.
He warned that “they might use your personal information to seem credible and, in some cases, might even ask you to access one-time passwords.”
the website where more than 200,000 Starbucks customers’ personal information is currently for sale.
Mr. Reed stated that he anticipates scammers to use the stolen information in the same way, citing the SMS phishing scams that occurred last year that affected nearly 470 OCBC Bank customers and resulted in losses of at least $8.5 million.
“People were addressed by their names in many of the circumstances, which made the messages seem credible,” he claimed.
Starbucks Singapore informed its customers of a data breach today by sending letters and informing them that the following information may have been stolen by hackers:
Name
Gender
Date of birth
Mobile number
Email address
Residential address
He continued by saying that it was possible that the data would also be used to access other services.
DETAILS ABOUT THIS TOPIC
What should I do if my personal information has been compromised? after OG department store customers’ personal information was exposed due to a data breach?
And even though Starbucks Singapore did not specify how the breach occurred, he claimed there were two possible approaches.
The first method uses data scraping, in which tools and scripts are used to gather data.
Alternatively, he suggested that the data might not have been properly secured.
But it’s a little late now that the information is public.