International Coffee & Tea Data Breach Affects 53,901 People

International Coffee & Tea, LLC, the parent company of The Coffee Bean & Tea Leaf, recently experienced a significant data breach that compromised sensitive consumer information. The breach was first discovered on June 6, 2024, when the company noticed suspicious activity in its computer environment. Following an investigation with third-party cybersecurity specialists, it was determined that an unauthorized actor gained access to certain systems on multiple occasions.

The breach occurred in three distinct timeframes: April 5 to May 29, 2024, June 6, 2024, and August 28 to August 29, 2024. During these incidents, unauthorized access was gained to company systems and limited email accounts. This unauthorized access resulted in the exposure of sensitive consumer data.

The breach affected a total of 53,901 individuals in the United States. Among those impacted, 11 were residents of Maine, and 110 were residents of Massachusetts.

The types of information exposed included:

• Names
• Social Security numbers
• Financial account information
• Driver's license numbers

The breach was disclosed to the California Attorney General on December 20, 2024, the Maine Attorney General on December 24, 2024, and the Massachusetts Attorney General on December 20, 2024.

The breach was severe due to the highly sensitive nature of the information exposed. The compromised data, such as Social Security numbers and financial account details, could be used for identity theft or financial fraud, making it critical for affected individuals to take immediate protective measures.

International Coffee & Tea's response

In response to the breach, International Coffee & Tea took several steps to mitigate the damage and prevent future incidents. Upon discovering the suspicious activity, the company launched an investigation with the help of third-party cybersecurity specialists and internal teams. They worked to identify the scope of the breach and determine which individuals were affected.

The company has since notified federal law enforcement and relevant state regulators about the incident. Additionally, they are offering 12 months of complimentary credit monitoring and identity restoration services through Equifax to individuals whose personal information was potentially affected.

To further protect consumer data, the company is implementing enhanced employee training and additional security measures to strengthen its systems against future attacks.

If you are affected by the data breach

If you have been notified that your information was part of this breach, it is essential to act quickly to protect yourself.

Here are the steps you should take:

1. Enroll in credit monitoring services: Take advantage of the 12 months of free credit monitoring offered by International Coffee & Tea, LLC through Equifax. This service can help you detect unauthorized activity on your credit report.
2. Place a fraud alert on your credit file: Contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) to place a fraud alert. This will make it harder for identity thieves to open accounts in your name.
3. Consider a credit freeze: A credit freeze prevents creditors from accessing your credit report without your permission. This is a strong measure to protect against identity theft but may delay or interfere with new credit applications.
4. Monitor your financial accounts: Regularly review your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your financial institution immediately.
5. Check your credit reports: Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting agencies. Visit AnnualCreditReport.com to request your reports and look for any unfamiliar accounts or activity.
6. Be vigilant for phishing attempts: Scammers may attempt to exploit the situation by sending fraudulent emails or calls posing as representatives from The Coffee Bean & Tea Leaf. Avoid clicking on suspicious links or providing personal information over the phone.
7. Report identity theft: If you suspect your information has been misused, file a report with the Federal Trade Commission at IdentityTheft.gov and contact your local law enforcement.