Food delivery company Purfoods has revealed it has suffered a ransomware attack in which sensitive data from over a million customers may have been stolen.
The company behind the ‘Mom’s Meals’ line notified 1,237,681 individuals of a cyber attack that took place in mid-January 2023. The report does not mention which threat actors were behind the attack, but highlights the possibility of the theft of sensitive data.
“Because the investigation also revealed the presence of tools that could be used for data exfiltration, Purfoods could not rule out the possibility that data was being extracted from one of its file servers,” the company said.
Social security numbers are at risk
A third-party incident response company, later hired to help deal with the aftermath of the attack, concluded that the data the attackers may have collected includes customer names, social security numbers, driver’s licenses and state identification numbers, financial accounts and payment information. card information (this also includes security codes, access codes, passwords or PINs). In addition, the database contained medical information, health information and dates of birth.
Purfood’s unique selling proposition includes preparing health-focused meals, specifically its Mom’s Meals line, in which it partnered with more than 500 healthcare providers to deliver refrigerated meals to people covered by Medicare and Medicaid.
Purfoods is silent on whether the company knows the threat actor’s name, or the amount of money requested, but it does say it has notified law enforcement of the breach and has begun implementing “additional safeguards” and more employee training to minimize the threat. likelihood of such an incident occurring again. It will also provide free credit monitoring to affected customers.
It also shared more information on how to protect against identity fraud and wire fraud, just in case.
Through: The register