The customer data has been stolen from more than 200 locations in Caribou Coffee, according to a chain of Minneapolis coffee shops based in Minneapolis.
In a letter to loyalty clients, Caribou Coffee said credit card data and other information had been stolen from 265 locations in Minnesota and other states, including Colorado, Florida, Georgia, Iowa, North Carolina and Wisconsin.
The company said it noticed "extraordinary activity" on November 28 and began working with Internet security company Mandiant. On November 30, Mandiant decided the breach occurred through the company's point of sale system. According to Caribou, orders from the company's loyalty program were not affected.
In the letter, Carrot's president, John Butcher, apologized for the breach.
"Please make sure we are closely monitoring our systems and data and access to the account as we always do," wrote Butcher. "In addition, we are making the necessary changes to strengthen our network against future attacks and improve our payment systems to protect your information in the future.We also communicate regularly with credit card companies and provide them with the necessary information to notify banks that may have issued affected payment cards."
It is the latest in a series of security breaches that still plague a variety of brands and industries. Last month, Marriott said a database of 500 million records from its Starwood records had been compromised. Earlier this week, NASA said the data breach had revealed personal staff information.
Increased frequency of data breaches, coupled with increased scrutiny of data collection practices, raises questions about whether trademarks should retain a higher standard when it comes to protecting customer data.
Congress can address the issue next year. A number of lawmakers have expressed interest in federal legislation that requires reporting to supervisors after violations occur and changing how data is collected by technology companies and consumer brands.