Starbucks data breach

Rajah & Tann Singapore assisted Starbucks Coffee Singapore Pte. Ltd. (“Starbucks SG”) in handling all investigations into personal data found on the dark web purported to be from Starbucks SG’s Singapore customers, discovered via routine threat intelligence monitoring.

Starbucks SG’s database was handled by Ascentis Pte. Ltd. (“Ascentis”), an external IT Vendor. We also liaised with Ascentis to discover the root cause of the data breach.

We advised Starbucks SG on their reporting requirements to the Personal Data Protection Commission Singapore (“PDPC”) and worked with Starbucks SG on providing replies to the various queries posed by the PDPC and also, in handling the negative publicity from the data breach incident. We also advised on the remediation works to be carried out to prevent future breaches.

The matter received wide-spread publicity in light of the large number of individuals in Singapore whose personal data was affected. The matter is still being investigated by the PDPC, but we are confident in obtaining a favourable result for Starbucks SG.

The matter is led by Partner Lionel Tan and supported by Associate Yang Tianzhou.

Read more about the matter here: