Between January 19 and February 11, 2026, attackers used phishing pages cloning the Starbucks Partner Central portal to steal employee credentials. Starbucks detected the unauthorized access on February 6, 2026. Approximately 889 employees were affected. Compromised data includes names, Social Security numbers, dates of birth, and bank account and routing numbers. Starbucks launched an investigation, notified law enforcement, and strengthened security controls for Partner Central accounts. Affected employees were offered 24 months of identity protection and restoration services through Experian IdentityWorks, including identity theft detection, recovery assistance, and $1 million in coverage.