UPDATE: It's now posted in the first comment. Starbucks employees say in the open thread below that a laptop with 97,000 employees' social security numbers, names and addresses was stolen, and that a message about this theft was sent to the partners. Somebody please post THE FULL TEXT OF THE MESSAGE in the comments below to verify this.
November 22, 2008
The SSC has my SSN, my last six employers have my SSN, the banks that issued my five credit cards have my SSN, my mortage company has my SSN, my accountant, my bank, my 401K, the hospital where I had my kids, the schools that my kids attend, my doctor, my attorney, my dentist, my mother, my sister....on and on and on. Who doesn't have my SSN??
Careless on Starbucks part - YES! Unheard of, no. Something like this makes the news almost every single day.
I would like for 1) Starbucks to pay to monitor my credit for the next three years, not one, 2) automatically extend the fraud alert past the 90 day maximum to the full time that I choose to have my credit monitored and 3) have Starbucks tell me exactly what they plan to do in the future to safeguard our information.
For example - no more laptops at home, I know when I work from home, I sign onto my work computer using my home computer. My work computer, locked with a computer lock, never leaves the SSC. Tell me that laptops will never leave the SSC - they don't need to in order to work from home.
Identity theft is almost a given in this day and age. At least with this incident, I have some advance notice that this is a possibility that my identity COULD be stolen. I might not have this notice with my accountant, attorney, doctor, dentist......
Posted by: IO | November 23, 2008 at 09:34 PM
seriously guys we need to file a class action lawsuit!!! and if sbux doesnt have a good reason y the fbi was not contacted i will contact them myself and i suggest all u do the same....sbux should not be able to brush this under the rug....if it was howies info u kno damn well there would be hell to pay!
Posted by: somadatsbux | November 23, 2008 at 09:37 PM
Right now it's a local matter... a stolen laptop.
If any of the information is used and traced back to the laptop and this incident, then it may become an issue for the FBI.
This is why the FBI is not involved... right now they have no reason to be.
Posted by: Gord | November 23, 2008 at 09:51 PM
To Gord,
Ask yourself this. WHY would a thief want to reformat and re-sell this particular laptop to E-Bay or pawn it anywhere else? What's the point of it?
Information is worth more than the laptop itself. If you had a laptop stolen from a military base containing top secret information, would you erase the laptop and sell the machine, OR would you attempt to sell the information?
Which is more valuable? Think about it, GORD.
Posted by: anonymous | November 23, 2008 at 10:01 PM
Oh and Gord,
How the laptop got stolen is probably not known but if this was taken from the person's house, it had to be done by a professional thief and not some petty crook with a crowbar about to smash a window or crawl through one with a ski-mask.
Yes, it was the worker's fault for taking it home and Starbucks' security is the pits, I'm sure. I would never, ever take a corporate laptop home. I used to work at one temporarily a few years ago and they would assign me one to log in and out and it stays there at work since it's their property.
The question remains is why are data of 97K partners on that laptop? Was the person accessing information from the house through a remote server? Work from home should be done remotely through secure passkeys and such just what the poster from a few posts above said.
Posted by: anonymous | November 23, 2008 at 10:07 PM
A few days before I received this letter, I received one from a credit card company attempting to verify my application- one I don't remember making. I threw it away, but now with the Starbucks letter I'm VERY nervous
Posted by: Alex | November 23, 2008 at 10:21 PM
If the same thing happened in 2003/04 then this in 2008 is very disturbing. Why aren't we learning from our mistakes? And even if it didn't happen in 03/04 why in the world is the personal information on 97,000 employees on a laptop that is taken home by another employee? This is very frustrating! I try so hard to watch who I give my personal information to and the company I work for doesn't seem to have any security guarding my information. Security to me isn't letting someone take home 97,000 partners info home with them. Uggghhhh!
Posted by: Lattegal | November 23, 2008 at 10:37 PM
Anon:
I don't know how you can link a house robbery to taking something from a military base. If you take something from a military base, you have a good idea that there might be something valuable on it. If you rob a house, you grab anything you think has value.
If the laptop was the only thing stolen, then I would concede that the person who robbed the house knew of the information. If it's a general house robbery then that the odds the person who robbed the place still has the laptop is slim to none... unless they decided to keep it for personal use (in which case, it's likely been reformatted etc.).
Furthermore, I haven't even seen a confirmed report that the laptop was stolen from a house. Could have been a car, could have been left behind at a store, or stolen from a hotel room. I would bet the thing was a quick cash grab. Your average thief isn't a computer expert (hence why they have to steal)... they don't crack passwords, search the computer for possibly valuable information and then find someone willing to buy it. Too much work for the majority of thieves.
Likewise, if any of the 97000 partners have ever purchased anything using a credit card, at any time, anywhere, they are more at risk of identity theft than is likely from this laptop theft (unless the theft was purposely targeted at getting that information - which like I said above, is highly unlikely).
Posted by: Gord | November 23, 2008 at 10:37 PM
Gord,
Read Tomokun's post all the way above and you'll see why the house theft was mentioned.
Posted by: anonymous | November 23, 2008 at 11:17 PM
Regardless of how or where it was stolen, it does not negate the fact that Starbucks allows information about 97,000 employees to be stored on a unsecured laptop and that is unforgivable!!!!!!
Posted by: GRTL | November 23, 2008 at 11:24 PM
Oh my gosh you guys are all out of control. To be so naive as to believe that your information couldn't be sold or shared at anytime, makes me chuckle. So, the laptop stays at work. You really think that would prevent your information from ever being accessed? Ever heard of a bitter bean looking to make some side cash? Ever heard of hackers that can get through despite roadblocks in security? The reality is, your personal information can be hacked and you can protect yourself as much as possible, but the fact that a laptop was stolen doesn't make me feel any less safe than I did the day before.
Posted by: SoCalRocks! | November 23, 2008 at 11:53 PM
hi i don't work for starbucks but i think you guys need to punch starbucks in the face with a big fat class action lawsuit...they have the money to write each and every one of you a nice check...what's the worst thing that could happen? you get laid off? you're all probably underpaid and underemployed anyway...you can all do better than working for some corp that doesn't give a damn about you.
Posted by: iamme | November 24, 2008 at 12:53 AM
Highlight of my starbucks career? Not any roll out or favourite customer... it was when Melody was outrageously accused of working for Starbucks... people are so funny. Rock on Mel.
Posted by: SPORK | November 24, 2008 at 01:15 AM
I hate when the first thing people think about is suing. Let cooler heads prevail, and wait and see if any problems arise. I too received the letter, but I'm not about to say anything rash. To Alex at 4:49, you gave enough information in your post for almost anyone to steal your identity anyway. You have a first name 151XXXX, that's all anyone needs for the Sbux database. Before we think of hypotheticals, think of how much information we've given away with no problems. When you call your cable service provider they confirm with your social security number, same with banks. EVERYONE in these companies has access to your social security number, and there are plenty of people who never run into problems. I'm waiting to see how this turns out before I even utter the words "class action"
Posted by: Ryan (SS) | November 24, 2008 at 01:46 AM
I don't think anyone is arguing that your credit can be obtained by unscrupulous people... I think the point is that your employer should do the best job possible to protect your valuable info. They can't control some crackhead freak getting into your mailbox... they can however have strict protocols in place to protect what they have.
Posted by: Pat Nerr | November 24, 2008 at 08:20 AM
@Alex
I am not a lwayer, but you raise a great question. The credit monotoring MAY be a settlement. Read all the documens before you accept it.
If they are asking you to waive rights, RUN do not walk to an attorney.
Posted by: Bill | November 24, 2008 at 08:20 AM
so what happens WHEN our info IS stolen, whos gonna pay for all this? i smell a class action law suit!!!! whos in?
Posted by: l84lady | November 24, 2008 at 08:39 AM
so what happens WHEN out info gets Stollen? what are they gonna do for US?
happy holidays guys we lost UR INFO?
Posted by: l84lady | November 24, 2008 at 08:47 AM
if anyone wants to have the class action started with me, email me krottnerl84@yahoo.com
Posted by: l84lady | November 24, 2008 at 08:52 AM
Not to make light of this situation, but data theft is common. Stolen laptops make the local news, but the serious stuff is usually reported elsewhere. (If you're interested, google "data breach".)
Disk encryption alone does not ensure privacy or security. Princeton University researchers found that keys to encrypted data can easily be found by blasting memory chips with cold air.
Let's be careful out there.
Posted by: no melon | November 24, 2008 at 10:24 AM
ok ppl i did some research on class action lawsuits and if we do a class action lawsuit with a judgment since as for right now there are no monatary damages yet....the judgment would be to forbid sbux to keep personal information on a laptop in such a haphazzard way.
Posted by: sopissedatsbux | November 24, 2008 at 10:34 AM
Any large company that lets such information onto a laptop with encryption is a disaster waiting to happen.
OMG... it already happended!
TrueCrypt is FREE and can encrypt a drive so that nobody short of the DoD can get into it. Our compnay has used it for years.
If you workd for SBUX you need to get some kind of letter going to insist on such now. Your info could be sold 1 year and 2 days from now because the "one year free" offer to you is now public.
That Security guy you have is real gem.
Posted by: Bobbi | November 24, 2008 at 11:33 AM
We've all had days when maybe we vented here. But so much hatred toward Starbucks is getting old. This is a gossip column. I want to enjoy coming to this site. I loved the last couple discussions. All these bitter, hateful, sue Starbucks even if it kills them people are annoying and taking any fun away from this site.
If you hate Starbucks so much, QUIT. If you don't think you get paid enough to make coffee, QUIT. Learn a trade that pays more and just move on.
Posted by: | November 24, 2008 at 01:04 PM
To "#1"
we have an upwards of 156,000 partners and counting, it tells you on the portal, along with how many stores we have. But the 97,000 partners whose information is on that laptop, could include partners that quit also. I haven't received a letter yet and i'm still with the company, i'm in the 139XXXX partners, so we'll see.
Posted by: supahvisah | November 24, 2008 at 01:41 PM
I don't understand the fury of people who accuse others of "hating"...people's personal information has been stolen, and people are upset; how is this being hateful?
You can take an attitude of "oh, these things happen", but that doesn't make the situation any less frustrating. Anyone who is upset over this has every right to feel that way.
Posted by: | November 24, 2008 at 03:56 PM
To even discuss a class action suit as a partner, is ridiculous. I am one of the partners that rec'd this letter and am for one worried about my credit, but am not planning a class action suit against the company. It makes me think that partners like you are not legendary yourselves and need to understand that this is defintely a one off case. I see a lot of changes here at the SSC regarding security and trust that from this point forward, it will not happen again. The fact that free credit monitoring for a year was offered, speaks soundly on how Starbucks cares about the partners. Besides, this was supposed to COMPANY CONFIDENTIAL, how did it leak to a national blog...
Posted by: Partner | November 24, 2008 at 04:37 PM
Yea I just got my letter today and I'm in a total state of WTF. Besides doing this equifax thing, is there any other way to prevent identity theft? This sucks. >_>
Posted by: ChicagoPartner | November 24, 2008 at 07:34 PM
Please, please, please: I respectfully request that posters not ask me why I don't quit my job when I have a legitimate complaint against my employer. Or even when I don't and I'm just bitching about it. I can't even begin to tell you how disrespectful that is.
The webmaster here seems pretty cool and open to suggestions: as an antidote to this thread, you could always request a "what was your coolest Starbucks moment" or "share a story about your favorite customer/partner" thread and I'll contribute positively to it.
Like for example, today in Sacramento a Starbucks drive thru had a chain of 109 customers pay for the drink of the customer in the car behind them ... that blew my mind.
Posted by: Chucktown Barista | November 24, 2008 at 07:45 PM
I received the letter today and will also be looking at taking legal actions against Starbucks. I have a request for contact in from a Group Legal plan for assistance.
Posted by: Former WA state partner | November 24, 2008 at 10:39 PM
I also find it BS that Starbucks admit fault, but if something goes wrong,expects us to pay a 250 deductiable. Something is serisouly wrong with Starbucks and a lawsuit is needed to show Starbucks they can not treat their employees (we are not partners anymore, dont buy that) with such a lack of respect and security. Starbucks will never get another dollar from me again.
Posted by: Brad | November 24, 2008 at 10:48 PM
Spork reading is good. She was accused of having a great big ole Starbucks hard-on...not working for the company. Rock on Mel!
Posted by: | November 24, 2008 at 10:57 PM
good lord. i effing hate this company more and more as the weeks go by! i quit about seven weeks ago and thought i was through with this but now i have to deal with this. thanks starbucks! please, will someone get in touch with me if someone files class action? thanks!
Posted by: Nate | November 24, 2008 at 11:56 PM
This story is now reported by Komo News, an ABC station in Seattle, Wa
http://www.komonews.com/news/35044744.html
Posted by: | November 25, 2008 at 12:55 AM
I regret to comment, esp in this thread, but I got the letter and today I found out that one of my accounts has been in the negative because someone else used my account information (I used to live in another state and had direct deposit with another bank than I do now, that another bank is the one in the negative, and the information was known to sbux). While I can't say that it's related to this, it might have been totally unrelated in fact, someone could have stolen my information another way, but the timing seems weird. I wish I didn't have to deal with this.
Posted by: Kat | November 25, 2008 at 01:06 AM
Starbucks Employees- I would recommend getting your free annual credit report from the goverment program now to see if something looks funny. Wait a few days for legal advice about if you should accept the offer (it could be Sbuxs way out of giving you more legally), then if the all clear is given to sign up do so. Starbucks has already stolen from you once, dont let them do it again. Howard Schultz, care to post your private info and only get 1 year of monitoring. Post it for 5 minutes on Starbucks.com at a secret time, then only give yourself 1 yr of free monitoring. Then tell us its a fair deal. Shame on you, have you lost the respect for your "partners" you "Poured your heart into"
Posted by: | November 25, 2008 at 03:11 AM
I just don't get it. This is the second time this has happened. I do not blame the partners affected being pissed off. I remember when I got the same letter 4 or 5 yrs ago. I was very worried as I'm sure all of you are now. I can say though, that my identity was not stolen, and none of my accounts were tampered with. So hold on, keep monitoring your credit, call your bank and let them know what has happened and have them call you if there are any "out of the norm" purchases or withdrawls to your account. Most banks will work with you. Or, you can easily change accounts just to further protect yourselves. If you need to vent, then vent. We are all human and this is a biggie. I feel your pain. Good luck and my advice, change banks so no one has any info. on you....
Posted by: Darleen | November 25, 2008 at 04:16 AM
I wonder if there is any data there for former partners. I'm sure the bux would really go out of their way to inform someone who no longer works for them.
This is one time I'm kinda glad my credit is in the crapper. Good luck getting anything from my info!
Posted by: | November 25, 2008 at 07:37 AM
I agree this is ridiculous.PLEASE READ ALL THIS>
I work in the SSC currently.
Laptops are not left to and fro.
You are required to secure it to your desk. This was always a point in both my last departments. All sbux machine require a password of multiple characters and keys. The person who stole tha laptop was likely not aware of what was on it and simply saw $$$. Chances are, unless a hacker with a high level of skill gets his hands on the machine, the data will not be touched. Also please remember ANYONE WITHIN THE COMPANY WITH SENSITIVE DATA should be using PGP Encryption as is the company standard. HOWEVER------- I fully agree that the bottom line for me is that THIS TYPE OF DATA SHOULD NEVER LEAVE THE BUILDING AND SHOULD NOT BE ON LAPTOP.
Posted by: ssc partner | November 25, 2008 at 08:56 AM
Anon, that's a pretty impressive conspiracy theory.
You lost your job BECAUSE of such a letter?
I don't understand.
Were you fired, or did you resign? If fired, what for -- even ostensibly?
Posted by: 152***** | November 25, 2008 at 03:08 PM
152*******
No, the letter came about a couple of months before that. I was not fired but was asked to leave for some bizarre reasons the SM gave me which I still think to this day is probably full of crap. I believe a shift supervisor had something to do with it behind the scenes who was considered a 'drama queen'.
If the missing laptops affected the 5 and 6 digit partner numbers back in 2005/2006 (correction: it was not in 2003/2004), did they lose their jobs in relation to it? I don't know. What if the data in the laptops were erased and the partner information was gone? Does that mean they are 'non-existent' in the system making it easier for the company to say "Sorry, your data is not here with us. You have to go because you don't exist in our databases".
Who knows? But I would'nt be surprised if this tactic was considered by shady corporations.
Posted by: anonymous | November 25, 2008 at 03:23 PM
So, okay, you weren't fired, the store manager just suggested that you quit?
Weird. What were the reasons she gave? What do you think happened with the 'Shift?
Posted by: 152**** | November 25, 2008 at 03:34 PM
Was the SS named Jenn or Shauna and were they from Oak Harbor, WA....I believe the drama continues because it's allowed and it sucks the life out of everyone around them! The negative drama queens are the new face of Sbux!
Posted by: | November 25, 2008 at 04:28 PM
Why isnt this stuff all encrypted to begin with? We have two contractors working at our location who work for a luxury German car company. They have passwords that change every minute (they have a key fob with changing passcodes they reference)...and all their communications are encypted via VPN to Germany. I believe everything on their laptop is encrypted also.
Posted by: GlenFeliz Regular | November 25, 2008 at 05:53 PM
152********
The store I worked at is located in Vermont. It's one of those "you're not up to standards" speeches some of you may have heard. I think the 'drama queen' shift said some things that were contradictory and this person did'nt do a good job on that one shift I was un-officially covering for someone else. It's a long story but needless to say, the SM screwed up.
That's all I'm going to say.
Posted by: anonymous | November 25, 2008 at 11:06 PM
I got the letter, and went to the site, which I dont think I should of had to do, waste my time because of THEIR error. Then it said it couldnt ID me and I have to call them! So I have to go even more out of my way because of them?
lets see someone get their identity stolen, and the lawsuits starbucks will face...
Posted by: dbarista | November 25, 2008 at 11:54 PM
I just got my letter today... Talk about feeling violated... :(
So now, I really just want to know the WHYs???
WHY was all of my personal information ALLOWED to leave the corporate office??? Why was someone allowed to take it home to begin with?? Why was someone allowed to walk out of the office with 97,000 people's personal information, home addresses, social security numbers?
I realize that nothing will probably come from this and I really have nothing to worry about... but, that still doesn't help the feeling of violation I feel.
I just don't get it.
Posted by: the slicer | November 26, 2008 at 02:16 AM
The slicer,
I know what you mean exactly. Most likely nothing will happen to your credit, however, there IS most definitely that feeling of violation of privacy. You have every right to feel that way. Most of you know the love I still have for this company, but this is big, this is now the second time this has happpened and for me, once is enough. Take care of sensitive info. learn from your mistakes, Starbucks did neither, very shameful in my opinion.
Posted by: Darleen | November 26, 2008 at 04:03 AM
Darleen- Although I can't conclusively say it had anything to do with this laptop incident, a few days before I got the letter I was informed that somebody tried to open a credit card using my information.
Somebody earlier in the thread mentioned her bank account being cleaned out, so I'm sure you understand why people are worried.
These could both be isolated incidents, but if a further pattern emerges, I think people are going to start lawyering up.
Posted by: Alex | November 26, 2008 at 03:53 PM
does anyone know if this is also in regards to former employees?
my last day was oct 20th of this year. and someone said something about how it took a month for them to say anything...
Posted by: hollie | November 26, 2008 at 04:51 PM
i can't believe the company expects us to figure out what to do with their mistake. i am so careful with my personal information b/c i know ppl who have had their identity stolen. it's not pretty. now a company, whom i worked 6 years for, has blindly "lost" my information...thanks bux...thanks a bunch...as if i don't have enuff to worry about...
Posted by: drivethruhater | November 26, 2008 at 07:38 PM