Reading:
Starbucks shifts data protection responsibility onto customers
Share:
starbucks cyber attack

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Starbucks shifts data protection responsibility onto customers

The Starbucks saga continues…

Customers of Starbucks have been struck by multiple counts of fraudulent activity in recent weeks. Like many modern businesses, Starbucks was not prepared to be left behind in the digital world. So, they created an app where customers can easily purchase drinks and snacks on their phones. Around a third of all purchases are reportedly now made through this popular and easy to use app, and whilst the app is responsible for $1 billion worth of purchases, Starbucks have arguably overlooked key security measures.

On the convenient app, customers can make up all sorts of combinations for their complicated drinks without a barista struggling to keep note. Linked to the customers’ personal credit and debit cards, they can pay directly through the app and keep on top of their purchases. However, as we always warn, when a company wants to improve convenience and speed of services by digitalising, it is essential that up-to-date security measures are implemented alongside.

Starbucks – unhappy customers

In the last few weeks, customers started noticing unauthorised activity on their apps. Ms Vanessa Wong, a reporter for media company BuzzFeed, was horrified to see that someone hundreds of miles away had accessed her Starbucks account. The fraudsters loaded $100 onto the app and then proceeded to spend it on various drinks and snacks in the coffee shop. Since a log in is all that’s required, any number of purchases can be made – all the while linked to the users’ registered bank card.

Ms Wong believes that log-ins were stolen from 2015 hacks, and cyber-criminals have been trying to use them to log into various apps; hoping owners would use the same username and password for multiple apps.

Starbucks – a disappointing reaction?

So what should be done? Should Starbucks step in and clamp down on security? Perhaps investigate the complaints of fraudulent activity and then implement extra security measures to make sure each purchase is authorised by the user with an extra passcode? This is exactly what customers expected from the well-established company in the aftermath of the attack. ..

Instead, Starbucks took a different route. The multi-billion dollar company assured customers that “a team of engineers dedicated to advancing security and fraud prevention” have been instructed to look into the activity. Starbucks also reassured users that only “a tiny fraction of one percent” of account holders were affected, but even 1% of users amounts to $1 million stolen from users’ accounts.

That is not such a tiny fraction!

Starbucks later suggested that their customers should change their passwords. Their reaction caused outrage amongst customers who have lost real money through the app. Even if passwords are changed, there are questions about the robustness of the app’s security.

Improvements must be made

Customers are calling for a two-factor authentication to be added to the app. As with online banking, it’s usual to see such steps to be taken before one can even have a look at their finances.

Multiple passwords ensure hackers will need all passcodes in the same order to get into an account, which can make it more difficult. When an app is linked to a bank account – like the Starbucks app – log in details are not always enough; especially if it can be saved so the user only taps the app to access their account.

Some argue that Starbucks need to implement at least one extra step like a separate password (maybe a 4 digit PIN?) or a security question at the payment stage – not just blame customers for having bad passwords.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon