Breach, Americas, Content, Vertical markets

Retail Data Breaches: Caribou Coffee, Warby Parker Customer Info Exposed

Caribou Coffee, an American coffeehouse chain, in late December 2018 announced it experienced a data breach involving customers across at least 200 of its stores.

The Caribou data breach was identified Nov. 28, 2018, according to the company. At this time, Caribou detected unusual activity on its network through its information security monitoring processes and began working with cybersecurity consultancy services provider Mandiant to analyze the activity.

Mandiant identified unauthorized access to Caribou's point of sale (POS) systems, noting that some of the company's customer data was exposed, Caribou said. Since that time, Mandiant and Caribou have contained the data breach.

Caribou is currently working with the FBI, which is reviewing the data breach. It also is monitoring its systems, data and account access and exploring ways to improve its network and payment systems to prevent future data breaches.

Warby Parker Issues Data Breach Warning

In addition to the Caribou data breach, eyeglasses retailer Warby Parker this month released details about a data breach, according to a letter addressed to customers and filed with the Vermont Attorney General's Office. More than 198,000 Warby Parker online customer accounts may have been affected by the incident, SC Magazine reported.

Unauthorized users obtained usernames and passwords from other businesses' data breaches and attempted to use these credentials to log into Warby Parker online customer accounts between late September 2018 and late November 2018, the company noted. These users may have been able to access the following Warby Parker online customer information:

  • Email addresses.
  • First and last names.
  • Last four digits of customers' payment card numbers.
  • Prescription information.

Warby Parker has engaged third-party cybersecurity experts to monitor its website traffic and reported the data breach to law enforcement, the company said. It also is requesting that all potentially affected customers reset their passwords.

Thales: Most US Retailers Have Suffered a Data Breach

U.S. retail data breaches are happening more frequently than ever before, which is reflected in the "2018 Thales Data Threat Report – Retail Edition."

Notable Thales Data Threat Report findings included:

  • 50 percent of U.S. retailers have experienced a data breach in the past 12 months.
  • 75 percent have experienced at least one data breach to date.
  • 84 percent plan to increase their IT security spending.

Furthermore, data encryption technologies may prove to be valuable solutions to safeguard retail data against cyberattacks, Thales indicated. These technologies enable retailers to protect data in traditional data centers, the cloud and other IT environments, as well as comply with data security regulations.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.