Information Security at Starbucks
Last updated February 24 2014.
Starbucks is committed to protecting our customers’ personal information. We adhere to industry-leading standards to manage our network, secure our web and mobile applications, and set security policies across our organization. We treat the security and safety of our customers’ personal information with utmost importance.
For the protection of our customers, Starbucks does not disclose, discuss or confirm security matters until comprehensively investigating, diagnosing and fixing any known issues.
If you have any questions about Starbucks’ information security policies and practices, please email us at InformationSecurityServices@starbucks.com.
How Starbucks Works With the Security Research Community
Starbucks recognizes the important contributions that the security research community can make. We welcome responsible and immediate reporting of potential security issues with our websites, online services, or mobile applications. If you are a member of the research community and would like to report an issue, please see the below guidelines:
- Communicate to the Starbucks Information Security team (InformationSecurityServices@starbucks.com) the full details of any issue found.
- We ask that you do not disclose the issue to others until we’ve had reasonable time to address it.
- Please do not intentionally harm the experience or usefulness of the service to others.
- Do not attempt to view, modify, or damage data belonging to others.
- We will make every attempt to respond in a timely manner with acknowledgement of the potential security issue, an estimated timeframe for fixing the issue, and notification that the issue has been fixed.
If you believe you have discovered an issue, please contact us at InformationSecurityServices@starbucks.com.