A breach involving coffee customer data at Caribou Coffee stores throughout the country. A notice on their web site explains:

Data Security Notice

Dear Valued Guests:



We want to be in touch with you regarding a recent incident that may have involved access to your payment card information.



What Happened

On November 28, 2018, we identified unusual activity on our network through our information security monitoring processes. Upon identifying this issue, we began working with Mandiant, a leading cyber security firm, to understand the scope of the incident and determine whether there had been any unauthorized access. On November 30, 2018, Mandiant reported that it detected unauthorized access to our point of sale systems, exposing some of our customers’ data. Mandiant worked with us to contain the breach and ensure that the unauthorized access was stopped immediately. At this time, we are confident that the breach has been contained.



What Information Was Involved



If you visited any of our company-owned Caribou locations (see Appendix A for a list) between August 28, 2018 and December 3, 2018, there is a possibility that your name and credit card information, including card number, expiration date and card security code may have been accessed as a result of this unauthorized activity. Payments made through your Caribou Coffee Perks account or other loyalty account were not affected. Any catering orders placed online with Bruegger’s Bagels, Einstein Bros. Bagels, Manhattan Bagel and Noah’s NY Bagels were also not affected by this breach.



What Are We Doing?



We are using Mandiant because of its expertise in data forensics and data security matters to conduct an investigation. We also have contacted and are in close coordination with the F.B.I. and are cooperating with its ongoing review. Please be assured that we are closely monitoring our systems, data, and account access as we always do. Additionally, we are making the necessary changes to strengthen our network against any future attacks, and improve our payment systems to protect your information going forward. We also are in regular communication with the credit card companies and will provide them with the information necessary to notify the banks that may have issued the affected payment cards.



What You Can Do



To determine whether you may have been affected by this security breach, we recommend that you review the list of potentially affected locations (see Appendix A for a list) and review your credit and debit card statements for any unauthorized charges. If you think you have been affected, please contact your debit or credit card company to report the potential unauthorized activity.



We also encourage customers to remain vigilant by reviewing your account statements as well as your credit report for any unauthorized activity.



For More Information



If you need more information about the breach or have other questions please call our toll free hotline number (877) 698 3760, Monday through Friday, from 9:00 a.m. to 9:00 p.m. EST and weekends from 9:00 a.m. to 5:00 p.m. EST or email us at [email protected] and we will work with you on next steps.



We sincerely apologize that this breach occurred and assure you that our team is working to help prevent data security issues from occurring in the future. The privacy and security of your information is very important to us and we remain committed to doing everything we can to maintain the confidentiality of your information. We appreciate your patience and loyalty as a customer.



Sincerely,

John Butcher

President, Caribou Coffee