The Huge Caribou Coffee Data Breach You Probably Didn't Know About

When you go to Caribou Coffee for a morning pick-me-up, you never expect to have your bank card compromised. That is exactly what happened in December 2018, when the coffee chain announced that customers' credit card information had leaked as a result of a data breach. According to The Minneapolis/St. Paul Business Journal, Caribou Coffee's president disclosed that the chain first noticed signs of strange activity on its network on November 28, 2018. After an investigation led by the American cybersecurity company Mandiant, experts found that an unauthorized user had accessed the chain's point-of-sale systems.

The investigation additionally revealed that anyone who visited an affected Caribou Coffee outlet between August 28 and December 3, 2018, may have been affected by the hack (via Caribou Coffee). According to the brand's president, patrons' names, card numbers, expiration dates, and card security codes may have been accessed by criminals as a result of the unauthorized access. The stolen information angered more than a few of the coffee chain's patrons, including one financial institution that ended up suing the coffee company.

Caribou's data breach resulted in a lawsuit

Following the report of Caribou Coffee's data breach, which affected up to 473 stores across 24 states, Village Bank filed a class-action lawsuit against the coffee company in June 2019 (via Top Class Actions). Village Bank claimed that the data breach occurred as a result of the brand's negligence and a failure to protect its customers' payment information. The bank claims that, had proper security measures been implemented in the first place, there was a chance that the breach could have been avoided. Due to these factors, the financial institution sought financial reimbursement from Caribou Coffee for costs stemming from having to cancel and reissue cards and reimburse fraudulent charges. According to the plaintiff, banks and credit unions faced serious financial harm due to the data breach and were entitled to some compensation.

While the lawsuit states the data breach was a result of Caribou Coffee's failings, the chain never admitted to any fault. Despite maintaining its innocence throughout the court proceedings, the coffee company agreed to settle the lawsuit with Village Bank for $5,816,250 on October 22, 2020. As per the settlement, any financial institution affected by Caribou Coffee's data breach can file a claim for reimbursement. Next time you stroll into your favorite coffee shop for a hot latte or cappuccino, always stay vigilant: you never know when cyberattacks may put your financial information in jeopardy.