A threat actor is claiming to have breached Peet’s Coffee and stolen a database allegedly containing customer information tied to approximately 115,000 records.
The dataset was advertised on an open web forum on May 19 and is being sold as a partial leak allegedly sourced from a May 2026 intrusion involving the coffee retailer’s systems.
According to the post, the exposed records allegedly contain customer names, email addresses, phone numbers, mailing addresses, ZIP codes, and account-related data tied to ecommerce and subscription activity.
Sample rows reviewed by BreachNews appeared structurally consistent with customer relationship management and order fulfillment exports, including fields referencing subscription status, customer centers, billing regions, and ecommerce workflows.
The samples also contained what appeared to be customer contact information associated with online ordering and hospitality-related accounts.
Samples appear tied to ecommerce customer systems
The leaked records were shared in CSV format and included structured fields labeled with customer profile and address information alongside references to internal fulfillment or production locations.
Several entries referenced recurring subscription activity and ecommerce account classifications, potentially indicating that the data allegedly originated from a backend customer management platform rather than point-of-sale systems.
The threat actor did not provide technical details regarding how the alleged intrusion occurred or whether the claimed data was obtained directly from Peet’s Coffee infrastructure or through a third-party service provider.
The actor behind the claim has recently advertised several additional alleged database leaks involving hospitality, real estate, and customer platform providers, including a previously reported incident involving the VentureYours vacation rental management platform.
At the time of publication, Peet’s Coffee had not issued any public statement regarding the alleged breach.
Customer exposure could increase phishing risk
If authentic, the exposed information could be used for phishing campaigns, account takeover attempts, targeted scams, or identity-based fraud involving affected customers.
While the currently leaked samples do not appear to contain passwords or payment card information, the combination of names, addresses, phone numbers, and email addresses could still provide useful material for social engineering attacks.
The incident also reflects the growing trend of threat actors targeting ecommerce and customer engagement platforms that store large volumes of consumer contact and subscription data.
BreachNews has not independently verified the full dataset or confirmed whether Peet’s Coffee systems were directly compromised.
Customers are advised to remain cautious of unsolicited emails, fake account notifications, or suspicious messages referencing Peet’s Coffee orders, subscriptions, or account activity.