The Whitbread-owned coffee shop said that it had identified a small number of members who had “some unusual activity” on their accounts after carrying out security checks.
A spokesperson told City A.M. the number of people affected was in the “low to mid-hundreds” – or equal to 0.02 per cent of its members – and confined to the UK.
The person added that it will take a few days for it to reset the passwords of all of its Costa Club customers and that access to their online accounts will be suspended until completed.
“We have already contacted those customers affected and emailed all registered Coffee Club members to make them aware of the situation. Customers can still continue to collect and redeem points as usual,” the company said in a statement.
Costa’s Club Card scheme allows members to collect points on their purchase which can then be redeemed in store. For every pound spent customers can earn 5p in points. The company apologised for the breach and added that it does not hold any financial data.