Starbucks Singapore says customer database breached, 200,000 people’s information stolen
- The coffee chain franchise, owned by a Hong Kong-based company, discovered ‘some unauthorised access’ to names, numbers, addresses, gender and dates of birth
- Local media said one copy of the database had already been sold for US$2,500, while Starbucks said no credit card details were taken as it does not store them
Starbucks Singapore said on Friday that its customer database was breached online, with local media reporting that 200,000 people’s information was stolen.
The coffee chain – a licensed Starbucks franchise owned by Hong Kong-based Maxim’s Caterers – said in an email to customers that it had “discovered … some unauthorised access” to details such as names, gender, dates of birth, phone numbers and home addresses.
“Relevant authorities have been informed and Starbucks Singapore is assisting them on this matter,” said the email.
The company said it was made aware of the breach on September 13, and that no credit card details were taken as it does not store them. It urged customers to reset their passwords.
A public relations agency representing Starbucks Singapore said it was “unable to disclose the number of affected customers”.
The Straits Times said 200,000 customers’ data was stolen and put on sale in an online forum on September 10. One copy of the database had already been sold for S$3,500 (US$2,500), the newspaper added.
The city state’s Personal Data Protection Commission said it had been notified about the incident and has reached out to Starbucks Singapore for more information.
Indonesia hunts down Bjorka as hacking spree could be ‘tip of the iceberg’
On Thursday Uber Technologies network in New York was breached with the ride-hailing company taking several internal communications and engineering systems offline.
A hacker compromised an employee’s workplace messaging Slack app and then used it to send a message to Uber employees announcing that it had suffered a data breach, according to a New York Times report, citing an Uber spokesperson.
It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees, the report added.
01:48
Notorious ex-hacker hired by Vietnam’s cybersecurity agency to teach others on dangers of hacking
In June the data of about one billion Chinese citizens appeared for sale on a popular dark web forum, followed by a surge in other kinds of personal records from China appearing on cybercriminal marketplaces.
In the aftermath of that record leak, an estimated 290 million records about people in China surfaced on an underground bazaar known as Breach Forums in July, according to Group-IB, a cybersecurity firm based in Singapore.
In August, one seller hawked personal information belonging to nearly 50 million users of Shanghai’s mandatory health code system, used to enforce quarantine and testing orders. The alleged hoard included names, phone numbers, IDs and their Covid status – for the price of US$4,000.
“The forum has never seen such an influx of Chinese users and interest in Chinese data,” said Feixiang He, a researcher at Group-IB. “The number of attacks on Chinese users may grow in the near future.”
Reporting by Agence France-Presse, Reuters, Bloomberg
