Starbucks Hit by Data Breach

Starbucks discloses data breach affecting hundreds of employees

Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts.

As the world's largest coffeehouse chain, Starbucks has over 380,000 employees (also known as partners) and operates nearly 41,000 locations across 88 countries.

In data breach notification letters filed with Maine's Attorney General and sent to affected employees on Tuesday, the company says that it discovered the incident on February 6.

A joint investigation with external cybersecurity experts found that the attackers compromised 889 Starbucks Partner Central accounts used to manage employment details, personal information, benefits, and HR information.

Starbucks said the threat actors had access to affected individuals' accounts between January 19 and February 11, but didn't explain why it took five days to remove them from its systems.

Telus says it is investigating hack of its systems

Canadian telecommunications and business services firm Telus (T.TO), opens new tab is investigating a cybersecurity incident involving unauthorized access to some of its ‌systems, a company spokesperson said on Thursday.

The ShinyHunters hacking group told Reuters in a message it stole at least 700 terabytes of data from Telus.

All business operations within the company “remain fully operational, and there is no evidence of disruption to ⁠customer connectivity or service,” the spokesperson said in a statement provided to Reuters.

Telus is working with cyber forensics experts to support its investigation and with law enforcement, and is "notifying impacted customers, as appropriate," the spokesperson said.

The statement did not address what kind of data was stolen or how much.

Samples of the data shared by the hacking group with Reuters suggest the stolen data includes ‌information ⁠related to at least two dozen companies that included personally identifiable information, call data and recordings, FBI background check information and source code spanning multiple business divisions within the business services and telecommunications company.

Canadian retail giant Loblaw notifies customers of data breach

Loblaw Companies Limited (Loblaw), the largest food and pharmacy retailer in Canada, announced that hackers breached a portion of its IT network and accessed basic customer information.

The retailer has a nationwide network of 2,500 stores (franchise supermarkets, pharmacies, banking kiosks, and apparel shops) and plans to expand with 70 new ones this year as part of a five-year plan to invest $10 billion by 2030.

The company employs 220,000 people and has an annual revenue of $45 billion. Its best-known commercial banners and brands are Loblaws, Real Canadian Superstore, No Frills, Maxi, President’s Choice, PC Optimum, and Joe Fresh.

Earlier this week, the company informed customers that it had detected suspicious activity on its network that led to discovering an intrusion.

“After identifying suspicious activity on a contained, non-critical part of its IT network, the Company has determined that a criminal third-party accessed some basic customer information such as names, phone numbers, and email addresses,” Loblaw said.

Coalition of information-sharing groups warns of cyber, physical attacks

A coalition of threat information groups on Wednesday warned that the U.S. and Israeli bombing campaign has led to increased risk of retaliatory cyberattacks from Iran-linked actors as well as physical attacks from violent extremists.

The coalition, led by the Food and Agriculture Information Sharing and Analysis Center and the Information Technology-ISAC, warned that state-sponsored groups, hacktivists and criminal groups are likely to target critical infrastructure sites in the U.S. using various tactics, including spear-phishing or stolen credentials.

“Iranian actors have formidable capabilities and tend to be more active during times of geopolitical conflict,” Scott Algeier, executive director of IT-ISAC, told Cybersecurity Dive.

…

Information security teams are being urged to take precautionary measures, monitor for anomalous activity, back up data, enable multifactor authentication and prepare for incident response.

…

Several U.S. companies have been targeted for attack in recent weeks by either hacktivist groups or state-linked threat actors.

5 ways to protect manufacturing companies from cyberattacks

The manufacturing sector was the most targeted by hackers in 2025, for the fifth year in a row, according to a recent IBM X-Force report. But although many manufacturers have taken some steps to protect their systems, cybersecurity experts say most can do more to prevent attacks, or at least limit the damage if an attack occurs.

Manufacturers are targeted by hackers in part because they have “high value intellectual property and complex legacy systems that are harder to patch and therefore easier to exploit,” Ryan Anschutz, North American incidence response lead at IBM X-Force, said in an email.

Adding to the problem, Anschutz said, is that manufacturing organizations often do not have the capital to fund good cybersecurity programs.

Patrick Garrity, security researcher at VulnCheck, agreed that older systems make for attractive targets. “Many manufacturers still rely on legacy technologies and industrial systems that were not designed with modern cybersecurity in mind,” he said in an email.

CT man nets $1.5M in nationwide romance scam. Harm caused by scheme is ‘devastating,’: official

A Connecticut man was sentenced to nine years in prison for wire fraud and money laundering stemming from a romance scam that affected victims across the country, according to federal authorities.

Naabanyin Aniagyei-Cobbold, 30, of East Hartford, also was ordered to pay $1,554,442.46 in restitution, authorities said. He also was sentenced to three years of supervised release.

Citing public court documents and evidence presented during the sentencing, authorities said Aniagyei-Cobbold, “played an integral part in an extensive romance scam conspiracy—a fraudulent scheme in which individuals create fake profiles on internet dating sites and other social media platforms to exploit victims for financial gain.”

Aniagyei-Cobbold operated the fake company, Alpha Distributions LLC, which he used to receive money from victims, according to federal authorities in Iowa. He also “recruited and coached” at least one other individual through creating “a sham entity, a website, and opening bank accounts—all for the purpose of receiving money from romance scam victims,” according to federal authorities.