Less than 20% of customer info exposed to intruders

Apr 4, 2015 09:59 GMT  ·  By

Information belonging to customers of Biggby coffee locations has been accessed without authorization, resulting in personal details being disclosed to an unknown third party.

Biggby is a coffee franchise business headquartered in East Lansing, Michigan. The company started to expand soon after having been founded in 1995, with 9 new locations opened in the following four years.

By November 2013, there were about 172 stores available in more than eight states in the US (Michigan, Florida, Illinois, Kentucky, Ohio, South Carolina, Texas, and Wisconsin).

Partial customer data exposed

The incident was reported last week by Biggby’s web hosting provider, Traction, who noticed that the customer database belonging to the coffeehouse had been accessed without authorization.

In a letter on its website, Biggby informs that the personal information exposed may have been provided by clients when registering the Biggby cash card or by job applicants.

The Franchise said that only the data provided via its website was affected and that less than 20% of the customer data was accessed.

However, this 20% includes names, addresses, phone numbers, email addresses, and information regarding employment history.

Such details are more than enough for a cybercriminal to concoct very credible-looking phishing emails that could lead to harvesting financial details or to infecting computer devices with malware.

Financial and personally identifiable bits not affected

The company stresses the fact that payment card data has not been impacted since there was no compromise at point-of-sales (PoS) system level.

Also, other sensitive information like social security numbers and driver’s license numbers remains safe.

“Traction has reported this incident to law enforcement authorities, including the Federal Bureau of Investigation. Please know that we have also taken additional security measures to prevent this type of event from occurring in the future,” Biggby says in the notification on Friday.

There are no details about the steps taken to improve the safety of personal information Biggby stores on its systems. It is also unclear how the hackers managed to gain access to the database.