This Week’s Focus: When HR Systems Become the Target

Cyber incidents don’t only affect customers.

Increasingly, attackers are targeting internal systems, especially HR platforms that store highly sensitive employee information.

A recent breach involving Starbucks’ internal HR system exposed the personal data of hundreds of employees after attackers gained unauthorized access to employee accounts.

These platforms often contain:

• Social Security numbers
• Dates of birth
• Home addresses
• Banking details for payroll
• Benefits and tax information
• Emergency contacts

Unlike passwords, this type of data cannot be easily changed once exposed.

In this case, attackers reportedly accessed accounts through compromised credentials rather than breaking into infrastructure directly.

That pattern is becoming increasingly common.

Local & National Threat Snapshot

Patterns seen across recent HR-related breaches:

• Internal portals targeted using stolen login credentials
• Phishing campaigns aimed at employees rather than customers
• Long attacker “dwell time” inside accounts before detection
• High-value identity data stolen for fraud and identity theft

The Starbucks incident affected 889 employee accounts tied to its internal Partner Central HR platform.

Exposed data reportedly included durable identifiers such as Social Security numbers and financial details, information that can be misused for years.

Across industries, HR systems are now viewed as “identity gold mines” for attackers.

Security Tip of the Week

Treat internal systems as high-risk assets.

Many organizations heavily secure customer-facing systems while internal portals remain less protected.

Key safeguards for HR and employee platforms:

• Enforce Multi-Factor Authentication for all employees
• Restrict access to only what each role requires
• Monitor for unusual login locations or times
• Disable unused accounts immediately
• Review permissions regularly

Credential theft is often enough to bypass traditional defenses.

Practical Protections for Organizations

To reduce risk to employee data:

1) Strengthen identity controls
Require MFA for HR, payroll, and benefits platforms, not just executives.

2) Implement least-privilege access
Most employees should not have access to full personnel records.

3) Monitor for abnormal activity
Large downloads, new devices, or unusual access patterns can signal compromise.

4) Train employees to recognize targeted phishing
Attackers frequently target HR staff or employees with payroll-related messages.

5) Prepare an incident response plan
Breaches involving personal data carry legal, financial, and reputational consequences.
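
To illustrate item 3, here is a small detection sketch, added as an example and not taken from any HR vendor or from the incident described above. It flags logins from new devices or countries, off-hours access, and unusually large record access by comparing each event against that user's own history; the event fields, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit events for a hypothetical HR portal (not real data).
# Fields: local timestamp, user, device id, source country, personnel records viewed.
EVENTS = [
    ("2024-03-04T09:12:00", "alice", "dev-a1", "US", 1),
    ("2024-03-05T10:03:00", "alice", "dev-a1", "US", 2),
    ("2024-03-06T14:40:00", "alice", "dev-a1", "US", 1),
    ("2024-03-04T08:55:00", "bob", "dev-b1", "US", 3),
    ("2024-03-05T09:20:00", "bob", "dev-b1", "US", 2),
    ("2024-03-07T03:14:00", "alice", "dev-x9", "RO", 240),
    ("2024-03-07T11:00:00", "bob", "dev-b2", "US", 2),
]

WORK_HOURS = range(7, 20)  # assumed working hours, 07:00 to 19:59 local time
BULK_FACTOR = 10           # assumed: alert above 10x the user's largest prior access
MIN_HISTORY = 2            # clean events required before the baseline is trusted


def detect(events):
    """Return (timestamp, user, reasons) for events that break the user's own baseline."""
    baseline = defaultdict(lambda: {"devices": set(), "countries": set(), "max": 0, "n": 0})
    alerts = []
    for ts, user, device, country, records in sorted(events):
        b, reasons = baseline[user], []
        if b["n"] >= MIN_HISTORY:
            if device not in b["devices"]:
                reasons.append("new_device")
            if country not in b["countries"]:
                reasons.append("new_country")
            if records > BULK_FACTOR * max(b["max"], 1):
                reasons.append("bulk_access")
        if datetime.fromisoformat(ts).hour not in WORK_HOURS:
            reasons.append("off_hours")
        if reasons:
            # Do not learn from an alerting event: a compromised session must not
            # become part of the baseline it is compared against.
            alerts.append((ts, user, reasons))
            continue
        b["devices"].add(device)
        b["countries"].add(country)
        b["max"] = max(b["max"], records)
        b["n"] += 1
    return alerts


if __name__ == "__main__":
    for ts, user, reasons in detect(EVENTS):
        print(ts, user, ",".join(reasons))
```

A single reason such as a new device is usually a replaced laptop; several reasons on one event, as in the constructed 03:14 entry, is the combination worth reviewing first.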

Cyber Risk Assessment

If you’re unsure whether your business is exposed to phishing, impersonation, or email-based attacks, we offer a Cyber Risk Assessment for San Antonio businesses.

We identify real-world risks, highlight security gaps, and provide clear, actionable next steps without fear tactics or sales pressure.

Final Thought

Most people assume cyber attacks target customers.

But some of the most damaging incidents start inside the organization, where the most sensitive data lives.

Employee information is permanent, valuable, and difficult to recover once exposed.

Protecting internal systems isn’t just an IT task.
It’s part of protecting your people.

If Cyber Pulse SA helps you think differently about risk, consider sharing it with someone responsible for security, HR, or operations!

Want to Stay One Step Ahead?

Cyber Pulse SA publishes weekly, offering clear, practical cybersecurity insights!

If this issue was helpful, we’d love for you to subscribe and get future editions delivered straight to your inbox!

You’ll always know what matters before it becomes a problem!

Respectfully,

Carlos
Orobi | Cybersecurity Solutions
