The Coffee Bean & Tea Leaf over the weekend confirmed it notified 53,901 people of several data breaches in 2024 that compromised the following personal info:
- Names
- Social Security numbers
- Usernames
- Passwords
- Payment card info
- Taxpayer ID numbers
- Health insurance info
- Medical info
- Financial account info
- Alien registration numbers
- Driver’s license numbers
- Electronic signatures
- Dates of birth
- Passport numbers
Ransomware group Inc in July claimed responsibility for the breach. The gang posted images of what it says are scans of documents stolen from the cafe chain as proof of its claim.
The Coffee Bean and Tea Leaf has not verified Inc’s claim.
“The investigation determined that on June 6, 2024, an unauthorized actor gained access to some of our systems. We also learned of unauthorized access to certain limited email accounts used by our company on or about April 5 to May 29, 2024, and August 28 to August 29, 2024,” the company said in its notice to victims.
The notice does not mention any offer of free credit monitoring or identity theft protection, an offer that is the status quo for breaches of this severity.
We do not yet know if The Coffee Bean & Tea Leaf paid a ransom, how much Inc demanded, or how attackers breached the company’s systems. The notice does not specify if the breach affected employees, customers, or both. Comparitech contacted The Coffee Bean & Tea Leaf for comment and will update this article if it responds.
Who is Inc Ransomware?
Inc Ransomware emerged in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software.
Inc has claimed 68 confirmed ransomware attacks in total, compromising more than 4 million records. Inc attacks recently struck Hungary’s Defense Procurement Agency, the UK’s Alder Hey Children’s NHS Foundation Trust, and Chilean healthcare company Fundación Arturo López Pérez.
The group claimed another 136 unconfirmed attacks that haven’t been acknowledged by targets.
Ransomware attacks on US food and beverage
Comparitech researchers logged 27 confirmed ransomware attacks on US food and beverage companies in 2024, compromising about 437,000 records. The number of attacks increased from 26 last year, but the number of records compromised decreased from 1.7 million.
This attack on The Coffee Bean & Tea Leaf is the third-largest such attack this year by number of records compromised, surpassed by attacks on Bojangles and Panera Bread.
Other recently confirmed attacks on American F&B companies struck tea producer ITO EN and donut chain Krispy Kreme. Ransomware gang Play claimed both of those attacks. Food producer Furmano’s issued data breach notifications to 2,365 people last week following an attack by Black Basta in October of this year.
About The Coffee Bean & Tea Leaf
Founded in 1963, The Coffee Bean and Tea Leaf, a.k.a. Coffee Bean, is a chain of cafes based in Los Angeles, California. It consists of more than 1,000 franchised locations in the US and 31 other countries. The company was acquired by Philippine company Jollibee Foods Corporation in 2019. The Coffee Bean employs more than 18,000 people, according to external sources.