Industry News

Teavana May Have Suffered Security Breach, Brian Krebs Informs

Law officials and finance institutions suspect a security breach at tea and tea accessories retailer Teavana in which miscreants used stolen data to clone credit and debit cards.

Neither Teavana nor Starbucks, the coffee company that bought the Teavana franchise last year, confirmed the breach, but an ongoing federal investigation points toward foul play at Teavana.

An anonymous source with a high-profile US credit card issuer told security blogger Brian Krebs that the financial institution detected an alarming fraud level, suggesting a security leak that leads back to Teavana and its almost 300 stores ranging nationwide.

Another financial institution placed the breach in March 2013 when the financial institution noticed illegal activity in the form of fake cards used to buy expensive gift cards at various Teavana sales points. It is suspected that crooks installed malicious code on point-of-sale devices to steal data from cards’ magnetic stripes when people had their cards swiped at the counter.

Teavana refuses to comment on the ongoing investigations. “In the normal course of business, we are contacted by card brands and bank partners to participate in requests to ensure the integrity of all systems, and we participate fully in these requests,” Jaime Riley, a Starbucks spokeswoman, told Krebs. “If and when issues are ever substantiated, we will take action to notify and support customers in the most appropriate way possible.”

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.