Hershey warns of data breach following phishing attack


The American manufacturer of popular sweets such as Kit Kat and Reese’s Peanut Butter Cups told regulators that more than 2,200 people were potentially affected by a data breach after hackers gained access to some of the company’s email accounts.

The Hershey Company submitted a security notification to the Maine Attorney General’s office on Friday about a breach that occurred at the beginning of September and was promptly detected.

In a sample letter sent to targeted individuals, Hershey said that hackers gained access to “a limited number” of the company’s email accounts and “may have had access to certain personal information.” The company classified the incident as a phishing campaign.

The stolen data “varied from person-to-person,” according to Hershey, but may have included personal information such as first and last names, health and medical information, digital signatures, contact information, driver’s license numbers, credit card numbers, and credentials for online accounts and financial accounts including routing numbers.

The company said that it doesn’t have evidence that any information “was acquired or misused” by the cybercriminals.

Hershey is now investigating the attack with security researchers and said it took steps to prevent similar events in the future, including forced password changes.

This is not the first time Hershey has been targeted by hackers. In 2011, cybercriminals penetrated its server and altered one of the baking recipes posted on the company’s recipe website. This server also stored consumer registration information, including email addresses, birthdates, and street addresses.

In June of this year, Mondelez, the American manufacturer of Oreo cookies and Milka chocolate, also had some of its employees’ data compromised by hackers following a breach at the law firm Bryan Cave, which provides legal services to the company.


Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

