News of a security breach at Caribou Coffee Company didn’t much surprise Mark Lanterman, one of the nation’s foremost computer forensics experts.
Lanterman isn’t involved in the Caribou investigation, but it’s the kind of thing the Harvard educated, former law enforcement officer sees frequently in his work helping businesses, municipalities, law enforcement agencies and others hunt down cyber thieves.
“When these breaches occur, it means there’s a weakness somewhere in the system,” said Lanterman, who launched his Minnetonka-based company, Computer Forensic Services, in 1998, and has trained lawyers and U.S. Supreme Court justices.
“Often retailers will have a small IT department that just can’t keep up with making sure every single system is up-to-date. It just takes one computer to be missed and the criminals will take advantage of that.”
Caribou said Thursday that debit and credit card data from 265 of its company-owned coffee stores in Minnesota and 10 other states was accessed, affecting customers who shopped there between Aug. 28 and Dec. 3.
Store employees were to have been trained on how to help customers, but one working at a store in downtown Minneapolis hadn’t heard about the breach, while an employee at another store was able to provide a toll free number.
It took Caribou nearly three weeks to alert customers that their credit card data may have been stolen.
“Companies go into disbelief,” Lanterman said. “They don’t like the fallout of having to publicly announce, ‘We’re not perfect. We had a data breach.’ ”
But it also takes time for computer experts to investigate and define the scope of the problem, he said.
In the scheme of breaches, Lanterman characterized this as an inconvenience. Consumers should be vigilant in monitoring financial statements. Lanterman also suggests ditching debit cards, which provide less consumer protection than credit cards and provide crooks a direct line into bank accounts. Credit cards and reloadable gift cards are much safer, he said.
Check credit reports, but Lanterman urged consumers to go one step further and request a freeze at the three national credit bureaus — Equifax, Experian and TransUnion. This prevents someone from opening a credit card in your name.
“We have to assume our information has been stolen,” he said. “We have to assume our information is for sale on the dark web.”