Data Breach: More than 300,000 Starbucks Singapore’s customers affected

Starbucks Cup
A cup of Starbucks beverage (Photo: Starbucks)

[3 mins read]

Just days ago, numerous Starbucks Singapore’s Rewards Membership program customers received emails, notifying them of some unauthorized access. For the safety of their customers, Starbucks Singapore has advised users of their Rewards Membership Program to change their passwords immediately, even though their passwords were said to be unaffected. 

It was reported that about 330,000 Singapore Starbucks customers’ information was leaked, and the data was put up online for sale for $3,500. The data compromised consists of sensitive information such as name, birth date, contact number, gender, email and residential address. 

Starbucks Singapore has said to have adopted additional measures to protect the information of their customers. They have also confirmed that the stored credits and rewards of the Rewards Membership customers remain unaffected. However, all customers are reminded that Starbucks will not send out any URLs for request of membership or personal details.  

Data Breach

A data breach refers to confidential, protected, or sensitive data being leaked to an unauthorized party. This can happen to anyone unprotected, including small or large organizations or individuals. It is important to note that a data breach is not always caused by hackers, and can be a result of a simple careless mistake.  

Here are examples that may result in data breaches

1. ‘Harmless’ Insider 

A classic example would be an employee who uses a colleague’s computer and gained access to sensitive files without having permission or authorization to do so. Even though he/she may not have shared the files with anyone else, the files were accessed by an unauthorized person, thus, it is considered a data breach. 

2. ‘Malicious’ Insider 

This refers to an existing employee or individual with proper authorization to the confidential data but purposely shares the data and information. These individuals usually intend to cause harm to others or the company. 

3. Old Devices 

Unused devices that have not been properly disposed or wiped out may still contain sensitive/ confidential data of the previous owner. The new owner of these devices may have access to the files and data, especially if the device is not locked or the files were not encrypted. 

4. Stolen Devices 

Losing your devices may cause more harm than you think. As technology advances, users tend to store more personal data and confidential information in their devices. The damage would be far worst if it falls in the wrong hands, especially if the devices or accounts are not secured with strong passwords

5. Cyber Criminals 

Refers to hackers or intruders, who use various malicious techniques to launch cyber-attacks to gain access to a network/ device, to gain confidential/sensitive information. Some of these malicious methods include phishing, malwares, and brute force attacks.

Preventing Data Breach

It takes more than resetting your passwords to resolve and prevent data breaches. Damages of a data breach are destructive to businesses, organizations or individuals. More often than usual, prevention is easier than resolution

Here are some ways you can prevent a data breach: 

5 Tips to prevent data breaches

Software updates 

Ensure all software and systems are running on the latest version, and ensure that the latest security patches are kept up-to-date to combat the latest threats.

Encrypt your data 

Encrypt your data to keep it safe and confidential. In simple words, encrypting means converting the data or information into a code to prevent unauthorized access. And also, to make it difficult for intruders or hackers to decrypt. 

Upgrading your devices 

Old devices that are no longer supported by the manufacturer usually meant that there will not be new patches and updates available. This means that your old devices might be vulnerable to new threats in the market. Users are strongly advised to dispose of old/ unused devices properly to avoid any form of a data breach! 

Strong Passwords 

We cannot emphasize enough on how important it is to use strong credentials for your devices and accounts. Users should also activate multi-factor authentication (MFA) whenever possible. 

Cyber Awareness 

Employees are the ‘first line of cyber defenses’. Unfortunately, they are also the weakest link. By educating all employees on essential cyber knowledge will help strengthen your company’s overall cyber defenses. In time to come, they can either be the ones who become the prey of cyber threats, or the predator to spot any suspicious or malicious activities to help your business. 

The long-lasting damages of a data breach usually cost you your reputation, financial losses and trust from your customers or fellow co-workers. Being in the headlines for such a cause isn’t quite the right way to gain publicity for your business. It is certainly not what you want others to remember you for. Cybersecurity is everyone’s responsibility, and it starts with you

Cyber Safety | IT Tips | Cyber Attack | Phishing | Cyber Defenses | Cyber Awareness | Data Breach | Data Security | Data Compromised | Data Breach Protection

Nucleo Consulting