An investigation by Swiss Public Television, SRF, found that data wasn’t sufficiently protected when customers used WiFi at cafes in Switzerland of the global coffee chain.
Free WiFi access at Starbucks - one of the great perks offered by the company – was investigated by the SRF consumer programme “Kassensturzexternal link”. The programme worked with experts at the Dreamlab cyber security firm to hack into the WiFi system at one of the Starbucks cafes in the Swiss capital, Bern.
The investigation revealed that with a free downloadable app, Dreamlab could quickly and easily find the so-called MAC-address of users (a unique identifier for every device connected to a network) that enable it to access data entered by customers. This includes customers' names, phone numbers, and e-mail addresses that could be used to steal identities and commit various crimes.
The federal data protection law clearly states that a WiFi operator must treat customer data confidentially and ensure its integrity as well as its protection.
Marc Peter from DreamLab and a professor of digital transformation explained that “public WiFi networks are generally seen as insecure. Especially those abroad shouldn’t be used”.
In a response to the "Kassensturz" report, a Starbucks spokesperson said there were no indications any customer data had been compromised and that in the meantime the company had implemented measures blocking access to customers' personal information.