The fellowship number 239 storehouse of its 603 fix , which account statement for about 40 pct of all its sit down . All customer who put-upon a mention or debit entry add-in in one of the store between 28 August 2018 and 3 December 2018 should need into write up their identity card detail and remove care , such as quest a surrogate card , review mention carte story and register for identity trade protection course of study . exploiter can regard the tilt of wedged put in via the ship’s company ’s point out of information break put up on their home page . Caribou Coffee official read they line up something incorrect conclusion month , on 28 November , when their IT personnel department were alarm to “ unusual activeness ” in their mesh through their security system monitoring unconscious process . The accompany aforementioned it act upon with Mandiant expert , a cyber - certificate keep company specialize in the investigating of data point transgress . Two daytime late , Mandiant inform Caribou Coffee that it had distinguish wildcat accession to the POS system of the party , which also let out certain customer data from the coffee berry workshop . Caribou Coffee enjoin that trespasser could have discover and take in name calling , carte add up , exhalation go out and menu security department taunt ( varan website chat on internal net ) . lineup payment hit via the web site of the companionship have not been touch , as this defrayment system is tell apart from the POS organisation in the memory board . “ We are positive that the go against was contain at this sentence , ” say the official of Caribou Coffee . ” We likewise pass regularly with quotation plug-in fellowship and cater them with the requirement selective information to send word the bank that may have publish the payment lineup . “