A Starbucks employee has filed a class-action lawsuit against the company following an October laptop theft and data breach A Chicago-area Starbucks employee has brought a class-action lawsuit against the coffee retailer, claiming damages from an October 2008 data breach.Laura Krottner was one of 97,000 employees notified late last year after a Starbucks laptop containing employee names, addresses and Social Security numbers was stolen on Oct. 29. Krottner’s suit accuses the company of fraud and negligence.The lawsuit was filed Thursday in federal court in Seattle. Starbucks has offered employees one-year’s free credit monitoring and protection, but Krottner is asking the court to extend that to five years. She is also seeking unspecified damages and asking that Starbucks be ordered to submit to periodic security audits of its computer systems.“Starbucks failed to follow reasonable precautions to secure its employees’ [personally identifiable information], failed to provide timely notice, and failed to protect employees from invasion of privacy, fraud, identity theft, and associated expenses,” court filings state, adding that Krottner and the other employees must now spend “considerable time and money to protect themselves,” from identity theft. The company was unable to immediately comment on the lawsuit, but it said it has seen no fraud linked to the incident, according to its breach notification letter.Lately, however, chatter on some Starbucks message boards shows that there have been some ID theft victims as a result of the incident, the lawsuit states. News of the lawsuit was first reported Saturday on the Spam Notes blog written by Venkat Balasubramani, the principal with Balasubramani Law.The suit is the latest of several in which plaintiffs are trying to prove that data breaches are harmful, even if they do not result in identity theft, Balasubramani said in an interview Monday. Courts in Arkansas and Indiana have rejected similar claims in recent years, he noted.The plaintiffs in the Starbucks case, who are seeking a jury trial, may have better luck, however. “Washington could be different,” he said. “I think Washington is viewed as a privacy friendly state.”Late last month the U.S. Department of Veterans Affairs reached a US$20 million settlement with plaintiffs in a class-action suit seeking damages following the 2006 theft of a laptop and hard drive containing data on 26.5 million veterans. According to reports, veterans who can show harm related to the theft will be paid between $75 and $1,500.Starbucks has lost laptops before. In November 2006, the company reported that it had lost two laptops containing the Social Security numbers of nearly 60,000 current and former employees. Related content news New Trojan ZenRAT masquerades as Bitwarden password manager A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities. By Lucian Constantin Sep 28, 2023 4 mins Cyberattacks Cyberattacks Cyberattacks news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Data and Information Security Security Practices news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe