Caribou Coffee revealed on Thursday that a data breach involving at least 265 of its branches exposed some of its customers’ personal data.
The personal information of affected customers could include name and credit card information, like the card number, expiration date and card security code.
It’s unclear how many people may have been affected by the breach.
The coffee chain said it identified “unusual activity” on its network at the end of November and then launched an investigation with Mandiant, a cybersecurity firm, to determine whether there had been unauthorized action.
The affected stores were based mostly in Minnesota where the chain is headquartered, but also in Colorado, Florida, Georgia, Iowa, Kansas, Missouri, North Carolina, North Dakota, South Dakota and Wisconsin.
“We sincerely apologize that this breach occurred and assure you that our team is working to help prevent data security issues from occurring in the future,” Caribou Coffee President John Butcher said in a statement.
Caribou describes itself on its website as the “second largest company operated premium coffeehouse in the United States with more than 273 company owned stores and 127 domestic license locations in 18 states and 203 international stores in 10 locations."