Hershey warns of data breach following phishing attack

Avatar

The American manufacturer of popular sweets such as Kit Kat and Reese’s Peanut Butter Cups told regulators that more than 2,200 people were potentially affected by a data breach after hackers gained access to some of the company’s email accounts.

The Hershey Company submitted a security notification to the Maine Attorney General’s office on Friday about a breach that occurred at the beginning of September and was promptly detected.

In an example of a letter sent to targeted individuals, Hershey said that hackers gained access to “a limited number” of the company’s email accounts and “may have had access to certain personal information.” The company classified the incident as a phishing campaign.

The stolen data “varied from person-to-person,” according to Hershey, but may have included personal information such as first and last names, health and medical information, digital signatures, contact information, driver’s license numbers, credit card numbers, and credentials for online accounts and financial accounts including routing numbers.

The company said that it doesn’t have evidence that any information “was acquired or misused” by the cybercriminals.

Hershey is now investigating the attack with security researchers and said it took steps to prevent similar events in the future, including forced password changes.

This is not the first time Hershey has been targeted by hackers. In 2011, cybercriminals penetrated its server and altered one of the baking recipes posted on the company’s recipe website. This server also stored consumer registration information, including email addresses, birthdates, and street addresses.

In June of this year, Mondelez — the American manufacturer of Oreo cookies and Milka chocolate — also had some of its employees’ data compromised by hackers following a breach at the law firm Bryan Cave, which provides legal services to the firm.

BriefsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Pegasus spyware trial implicating former president kicks off in Mexico

Next Post

Federal agency breached through Adobe ColdFusion vulnerability

Related Posts

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher
Avatar
Read More