Starbucks Data Breach Mirrors that of 2006

By: Absolute Team | 12/2/2008

Who Breached: Starbucks
Number Affected: 97,000
Information breached: Social Security Numbers
How: stolen laptop

Starbucks Corp. confirmed this week that a laptop containing the information of 97,000 employees was stolen.

A Starbucks laptop containing names, addresses and Social Security Numbers was stolen on October 29th. It is not clear if the laptop was protected in any way, or how it was stolen.

In 2006, Starbucks reported the theft of four laptop computers, so it is sad that such an issue would again come to light. In 2006, the breach affected 60,000 Starbucks employees / partners. Although the Starbucks statement to employees, after this most recent breach, indicates that the company is taking step to protect data, including encryption, one would hope that those steps would have occurred in the 2-year period since the last breach. A copy of the letter sent to affected Starbucks employees can be found here.

You can help prevent data breaches such as these, or recover from them more easily, with strong computer security policies, enforcement and training and software such as Computrace from Absolute.

Other major data breaches for November, 2008:

  • Luxottica Group, 59,000+ affected, hacker [read more]
  • University of Florida College of Dentistry, 344,000+, compromised server [read more]
  • Christus Health Care, thousands, stolen backup tapes [read more]
  • Harvard Law School, 21,000, lost backup tapes [read more]
  • North Carolina Division of Aging and Adult Services, 85,000+, lost laptop [read more]
  • Baylor Health Care System Inc., 100,000, stolen laptop [read more]
  • Arizona Department of Economic Security, 40,000, stolen hard drives [read more]

And in other news...

And in a very strong statement by Canada's Privacy Commissioner Jennifer Stoddart, Canada was called to shame for inaction on cybercrime. Stoddart called it an "embarrassment" that Canada does not protect the rights of individuals with provisions such as anti-spam legislation, strong identity theft legislation, or mandatory data breach provisions. Read more about this here.

Via datalossdb

Financial Services