Skip to main content
coffee beans

Coffee Bean & Tea Leaf Data Breach Investigation

The class action privacy lawyers at The Lyon Firm are investigating an alleged data breach event at International Coffee & Tea, LLC, the parent company of the Coffee Bean & Tea Leaf chain. The Los Angeles company has reported that over 53,000 individuals may have had their personal data compromised in the incident.

Contact our data breach attorneys to learn more about the legal process and to protect yourself following any data security incident. By taking legal action, individuals can seek compensation for any damages and begin to mitigate the risks of fraud and identity theft. We have filed numerous data breach claims on behalf of plaintiffs in California and nationwide.

What Happened at Coffee Bean & Tea Leaf?

In June 2024, The Coffee Bean & Tea Leaf became aware of suspicious activity on their company servers and began an investigation with third-party cybersecurity experts. The initial review concluded that on June 6, 2024, an unauthorized actor gained access to the IT systems of The Coffee Bean & Tea Leaf, as well as unauthorized access to some email accounts used by The Coffee Bean & Tea Leaf on or about April 5 to May 29, 2024, and August 28 to August 29, 2024.

On December 19, 2024, International Coffee & Tea, LLC d/b/a The Coffee Bean & Tea Leaf, filed an official notice of data breach with the Attorney General of Maine. The data breach notification letters explain that the data theft incident resulted in an unauthorized party being able to access consumer names, Social Security numbers, dates of birth, alien registration numbers, driver’s license numbers, financial account information, medical information, health insurance information, and passport numbers.

If you receive a data breach notice from The Coffee Bean & Tea Leaf, it is important to understand the risks of such IT security lapses. We believe that any entity that collects and stores your personal information has a legal and ethical duty to properly protect it with reasonably secure data security measures. Any negligent company may be held accountable for damages related to leaked or stolen personal data.