Email Security

    Coffee, Donuts or Stolen Credentials?

    Even the big chains aren't immune from attacks.

    by Boris Vaynberg

    Water, tea and coffee are the most consumed beverages in the world, so it should not be a complete surprise that there are hundreds of large chains with thousands of storefronts that provide the two stimulants on this list to ravenous consumers.

    It seems that hackers enjoy more than just Monster Ultra Energy Drinks, Jolt Cola and Mountain Dew Code Red, since based on 2018 headlines, it appears that coffee chains have been highly susceptible to cyberattacks and malicious code penetrating IT security defenses.

    Caribou Coffee Card Breach

    The most recent of these coffee breaches was 11th on the Largest Top 12 coffee chains in the world. ZDNet reporter Catalin Cimpanu’s article titled “Caribou Coffee chain announces card breach impacting 239 stores” highlighted;

    “US coffee store chain Caribou Coffee announced a security breach today after it discovered unauthorized access of its point of sale (POS) systems.

    The company listed 239 stores of its total 603 locations as impacted, which roughly amounts to 40 percent of all its sites.

    All customers who used a credit or debit card at one of the affected stores between August 28, 2018, and December 3, 2018, should consider their card details compromised and take precautions such as asking for a card replacement, reviewing credit card reports, and enrolling in identity protection programs.”

    Dunkin Donuts Breach Highlights Another Challenge

    Caribou Coffee wasn’t the only coffee chain to have been impacted by cyber thieves. In addition to Costa Coffee reporting a breach, the Currier Post reported also reported “Dunkin' Donuts says hackers might have accessed customer info through data breach” and specifically noted that:

    “Hackers targeted other companies, not Dunkin'. But they used the usernames and passwords they obtained to try to break into various online accounts across the Internet. Dunkin' security stopped most of these attempts, but customers who used their DD Perks username and password for accounts unrelated to Dunkin’ were vulnerable; hackers might have been able to log into some of these accounts.”

    While the Dunkin’ breach wasn’t as significant as the Caribou Coffee breach, it does highlight a very critical byproduct of allowing a breach to happen in the first place; specifically, the concept of credential stuffing. In this case a single data breach compromising specific credentials can then be used to mimic other credentials in order to get seemingly approved credentials for access.

    Coffee & Donuts Preferred

    Every Chief Information Security Officer and IT Security professional would prefer their morning coffee and guilty pleasure of a donut to dealing with remediating cyberattack damage and stolen credentials.

    Preventing malicious code from infiltrating your IT network requires instantaneous protection using modern evasion-proof, signature-less, patented technology to address today’s broad threat landscape without the overhead, guesswork, prediction or latency.

    Whether in the form of ransomware, spyware, trojans, rootkits or any other type of malware yet to be defined, an effective solution will conclusively and in realtime identify and block the malicious code from infiltrating your organization that other solutions cannot even detect.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top