Starbucks data breach shows the real damage of a breach by Art Gross

15/05/2015 04:43

Starbucks has a big problem. Don’t worry, they will still sell you their $5 cup of coffee. The problem they are dealing with is the repercussions of a data breach. The breach is connected with Starbucks’ mobile app, which makes it incredibly easy to buy a cup of coffee. Customers love the convenience, and it helps to sell millions of cups of coffee. Here is a look at the details of the data breach:

Criminals are using Starbucks accounts to access consumers’ linked credit cards. Taking advantage of the Starbucks auto-reload function, they can steal hundreds of dollars in a matter of minutes. Because the crime is so simple, can escalate quickly, and the consumer protections controlling the transaction are unclear, I recommend all Starbucks consumers immediately disable auto-reload on the Starbucks mobile payments and gift cards.

It should be noted that this breach did not affect millions of customers like the Home Depot or Target data breaches. And in some ways the breach may not be totally Starbucks’ fault. The breach may be possible because customers use weak passwords that are easy to guess. However, the full details of how and why the breach occurred have not been released yet.

The real issue here is that Starbucks is experiencing very real damage to its reputation. Yesterday 2 colleagues emailed me about the Starbucks breach, I was tagged on 3 Facebook posts regarding the breach, and my Twitter feed was loaded with details of the breach. It can be said the breach is “going viral”.

One of the news articles that was sent to me contained quotes from breach victims:

Obando, who works in a Houston high school's technology department, said he disabled the app.
"I think it's too easy to dip into someone's bank account," she said. "The Starbucks app's security measures need to be updated." Overton has since removed the Starbucks app from her phone as well.

If Starbucks customers decide to remove the app from their phones because they no longer trust the security measures that are in place, this will have a real impact on Starbucks. They have spent millions on building and marketing the application. The benefits that customers perceive in the application will be lost.

Many clients of ours are worried about regulatory (HIPAA) or industry (PCI) fines they may receive if they have a data breach. The real concern should not be the fines but the impact on their reputation, on their revenue, and on their customers / clients / patients.