Starbucks Security Lapse

This is a bit of a departure from what I normally write about on here. It’s usually all ballet, sewing, crafting and the like. But the good thing about having a blog is when something serious happens, you can actually share that serious news with others. I’ve mentioned in the past I like Teavana, they’re now owned by Starbucks and this is about a serious problem I encountered on the Starbucks website. I want to start out by saying I don’t think everyone needs to boycott Starbucks or do anything drastic. I’m not that kind of person, you know the sort, the “lets just destroy them cause they pissed me off” type. But what I am saying is this, if you pay by credit card in their stores or on their website, stop now. Paypal and cash are options, use them.

This is a little embarrassing to admit, but I actually noticed there was a problem no less than a week before I took action. But (and yes, I’m going to use my kid as an excuse) I was distracted when I was out and forgot. I was looking at my phone while at Fred Meyer to see if I had a free drink and I saw someone else’s name. I thought perhaps it was a fluke. You know how sometimes you’re on someone else’s wifi and you see something you shouldn’t? We’ve all had that happen. I was in a store, I logged out of the site, logged back  in and saw my name and figured that was the end of it. But it wasn’t… I should have looked closer, but I was paying attention to my kid and forgot to look again at home.

The next week I went to look at my account again because my account had been running low. As some of you may already know I own (and love) the Breville Perfect Tea Maker, and I like making my own fancy beverages. But this winter things have been so out of control I’ve been buying more than I make at home. I really haven’t been putting enough care into anything at all lately. 😦 But back to my story, I went to reload my account and at the very last second stopped. And it’s lucky for Alyson W. Jackson of Alabama that I did, because I almost used her credit card to do it. Yes, that’s right, I had full access to someone else’s credit card. I could have spent hundreds reloading my card, or bought a number of coffee and gift items. All with her money. And what would she have done about it? Complained she didn’t make the charge? Still would have been too late, and really I could have claimed I never noticed it wasn’t my money I was spending. After all, I was signed into my account. Morally I’d have been doing something wrong, but it’s sort of the virtual equivalent of finding cash on the ground. Fortunately for Alyson and Starbucks I’m the sort who will shout for miles “Has anyone lost any money!!!!”.

It was late and their phones were closed. I knew this was really important and they needed to be alerted to this as soon as possible so I left my account alone and sent off an email. When I still hadn’t heard back from them the next afternoon (around 4pm) I called. The lady I spoke to was very polite and friendly, but also very, very dumb. I hate saying that but sadly it’s true. I had to explain the problem several times and finally when she deleted the card from my account (FTR, I could have done that myself but I left it because I wanted them to see I wasn’t making this up) the woman asked me if I wanted to add another card! I told her under no circumstances would I be doing that as they clearly couldn’t protect their customers credit card information. This woman really couldn’t have been more casual about the whole situation and it was like she dealt with this sort of thing all day. It was very scary. I finally received an email from them at around midnight that night. It told me they thought this was a really serious matter so I should call right away. You can’t make this stuff up.

I had an exchange going with them, it was brief as they eventually just stopped writing back. I told them flat out I was going to put the entire exchange on here. This is completely unedited. And yes, I was a bit snarky. I make no apologies.

 

Received: 2016-01-11 04:12:06
To: <info@starbucks.cust-serv.com>
Subject: Other

Hi,This is about a security issue I’m having. I logged on to do my “Starbucks For Life Game” (BTW, I felt like I wasn’t getting credited properly for the game and I might know why now). And I decided to reload my card. The payment and billing info linked to my account is not mine! It’s someone by the name of Alyson W. Jackson and she lives in Alabama. I have never been there and don’t know her. Obviously I’m not evil, so I didn’t reload my card on her dime. But this needs to be straighten out ASAP! I’m positive that the account I’ve signed into is mine. I signed into my computer and iPad, both times with my email and my password. The result was the same, this is not a fluke. I thought I noticed something amiss on my phone several days ago, but I was out with my son and didn’t really have time to do more than glance. I wish I’d been paying more attention then… Clearly something has gone wrong and our accounts have been merged. Please help me sort this out! I don’t want access to someone else’s credit card!

Hello ———–,

Thank you for contacting Starbucks. I hope you are doing well today. I just finished reading your email and appreciate you taking the time to share your concerns with us.

The situation that you described is very concerning to me as I’m sure it is to you. I would like to help you get this taken care of promptly. In order to best assist you, we would like the opportunity to speak with you over the phone.

Please call our customer contact center and have reference # 21336919 handy to provide to our representative. Our contact center can be reached at 877-309-3180 Monday-Friday 5am-8pm, as well as Saturday-Sunday 6am-4pm (PST).

If you ever have any questions or concerns in the future, please visit us at customerservice.starbucks.com.

Sincerely,

Annice M.
customer service
Hi,

I emailed your company almost 24 hours ago about something very serious. And your response is please call us? For starters I’d have to wait another day to call because your phones are closed, and secondly this is not something that you should be just sitting on your hands waiting to take care of.

Since I clearly take breaches of privacy more seriously than you do, I’ve already called. I called hours ago. The woman I spoke to on the phone had the same casual attitude towards this as you do. She had me give her the info on the account and just deleted the credit card like it was no big deal. Uh, I could have done that as I HAD ACESS to the card just as if it were my own. Then, and this is hilarious, she asked me if I wanted to add another card. I told her absolutely not as it’s clear your site isn’t safe. There was no apology, no “we’ll make sure this never happens again”, no nothing. I’m so glad I’ve never used my credit card on your site, and now that this has happened, I never will.

I’ve already taken the liberty of posting about this on your Facebook page. People need to be warned to delete their credit cards from your site, they aren’t safe on there. Since I know you’ll probably just delete that post I reposted it on my own page and it’s already started to be shared there. Thank goodness.

Best Regards,

———————

Hello —-,

Thank you for getting back in touch with us.

I apologize if you felt us asking you to call meant we did not take your concern seriously.
We take maintaining the security of customer accounts very seriously. Because of the nature of your email, we wanted to make sure we could address it as soon as possible, and get all the information we needed at one time.

I am sorry if this made you feel like your personal information, or that of other customers does not matter. And I do apologize if you felt your concern was not properly addressed by the representative you spoke with earlier.

I want to assure you that I’ve shared your comments with the appropriate teams for their review.

If you ever have any questions or concerns in the future, please visit us at customerservice.starbucks.com.

Sincerely,

LaTosha J
customer service

*Time Out*

I just want to take this opportunity to point out the spot where my name is in the greeting is shortened. Some of you might have picked up on that. That’s where this employee decided they were somehow at liberty to give me a nickname despite the fact I was using my full name in all of my correspondences with them. It’s a little thing but the unprofessionalism just really irks me, especially given the circumstances.

*Time In*

Hi,

No, it had nothing to do with you asking me to call and everything to do with the amount of time it took you to respond to a very serious issue. The response time for the first email was twenty hours. This time it was eighteen. I could understand if I were writing about ingredients, or a problem reloading my card. Please, take your time getting back to me on those questions. Issues regarding credit card safety? That needs to be addressed ASAP. That’s why I emailed. Because it was too late at night to call when I discovered there was indeed a problem, so I emailed assuming you’d get it first thing. Not that you’d get it then sit on the information until it was once again too late for me to call. So I’m glad I took the initiative when it became clear you do not care.

And for the record, this little statement “I am sorry if this made you feel like your personal information, or that of other customers does not matter.” is laughable. Your tone implies I’m overreacting. I’m not. If a customer contacts you and alerts you to a serious security breech you act promptly. You do not sit around twiddling your thumbs, you do not have your reps on the phone act like it’s NIB and happens all the time, you do not basically say “Oh well, sorry you feel that way.” You say, “You know what? You’re right, we screwed up big time and for that we’re genuinely sorry.” You do NOT try to SHIFT BLAME.

This entire exchange will be going on my blog. I really can’t believe you guys. This is horrifying.

—————-

 

Now again, I’m not saying anyone should just give up Starbucks or Teavana. I am saying you should log onto their site if you have an account and delete your credit card if you have one on there. You’ll still be able to reload your account with Paypal or go into any store and do the same with cash. It’d be nice if they’d just stop their nonsense altogether and get with Apple Pay. They don’t want to do that though and now they’re having security issues. I’m not exactly surprised. They want to use their cards. I get it, but it has problems. So please, be safe. Because if you have a problem I can’t imagine Starbucks is going to care at all. It’s going to be you fighting with your credit card company trying to claim you really didn’t go on a shopping spree and them saying but of course you did, no one else was signed into your account.

So please, I never ask this. But if there’s a coffee/tea junkie in your life, pass this post on to them. Make sure your all your friends and family know. Maybe if you’re a credit card only person and you’re too afraid to visit the stores now you might consider buying the little Via packets they sell at Target and the Supermarkets so you don’t even need to visit the chain to enjoy their coffee. The company has said they’re gluten free in the past and I’ve yet to get sick on them, but I encourage you to contact them yourself if you have any concerns as they’re not labeled GF. I still have my account and I’m not planning on deleting it. But I’ll really never use a credit card with them again. Keep that information safe!

See you all next week. Hopefully with a much happier post!

Advertisements

5 thoughts on “Starbucks Security Lapse

  1. Whoah this is appalling!!!! Can you notify an ombudsmen or contact someone like huffington post or the like to publicise it further? Clearly the people at the bottom are not taking this seriously When those at the top certainly should! X

    • I know, it really is bad. They really didn’t care at all. I couldn’t believe it. I was so sure they’d take it more seriously. And I wasn’t looking for recognition or a reward or something, just acknowledgment that this was serious and going to be treated as such. But it just wasn’t. I wish I could accurately convey the attitude of the woman I spoke to on the phone. Very polite, very friendly, but also very confused and so blasé about the fact I almost spent someone else’s money and it was her company’s fault.

      I don’t know what the right thing to do is exactly. Because I can’t prove this wasn’t a one off. It might have been, but on the other hand the way they were so casual about it, it might not have been. I don’t want to be the person responsible for starting a riot. And there will be…. I don’t know if Starbucks has the same presence in the UK it does here but in the US you either love them or you hate them. I’m a weirdo who’s kind of middle of the road. I think some of their practices could stand to be changed and it’s awful when they put independents out of business, but I don’t think they’re evil simply because they’re a large coffee chain.

      I actually have the billing address of the person who’s card I had access to. I’ve thought about writing to her to tell her what happened. It’s not fair she should be kept in the dark. And really, if anyone should be outraged, it should be her.

      • Honestly I don’t know much about this sort of thing, but if you have a Twitter I would be tweeting it to them (@starbucks) and tagging (not sure of the correct lingo) local media/news Twitters. Big companies like Starbucks usually take action when you tweet things like this at them/the media. It’s a serious matter, you’re not over reacting.

      • I do have a Twitter account and I’m like the worlds worst millennial cause I literally never use it. It’s tied to the blog but that’s about it, lol. I probably should do something. They ignored something big and I was like “Really?”. Cause again, I don’t know if this was a fluke or not. But even if it was, it’s a major deal to the person who’s information was put at risk. I feel rotten for her. I’ve used her name and what state she lives in so if someone who knows her comes across my blog post or Facebook post then maybe someone will give her a heads up cause if anyone should complain it’s her. I’m just glad that if anyone had access to someone else’s credit card it was me, cause I’d never spend a cent. And in the event I did it on accident there’d have been a check in the mail that day!

        ETA, I just sent them a Tweet. I tagged the Huffington post and the Seattle Times. We’ll see what happens I suppose. I have a screen shot of the other person’s credit card info and billing address. Along with my cards at the top. And since I hold on to basically everything I still have all those cards. It’ll be hard for them to deny this happened. This is just so disappointing. 😦

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s