Mondelez International, the producer of popular cookies Oreo and Ritz, has reported a data breach that compromised the personal data of its employees, totaling over 51,000 current and former staff members. The stolen data included various personal information such as social insurance numbers, names, addresses, dates of birth, gender, and more. However, Mondelez has reassured that there has been no known case of abuse of the stolen data and that no financial information was taken.
The breach occurred due to unauthorized access into the network of law firm Bryan Cave Leighton Paisner LLP (BCLP), which provided Mondelez with services. Luckily, Mondelez’s own IT system was not affected. Nevertheless, Mondelez has offered free credit monitoring services for the affected employees to ensure their safety for the next 24 months.
BCLP, the law firm responsible for the data breach, discovered the unauthorized access on February 27th and subsequently detected the hacking that started on February 23rd. The hacking continued until March 1st without detection. Mondelez later received information leading to the identification of those affected and providing notifications on May 22nd.
Mondelez is no stranger to cyber attacks, having been one of the major companies affected by the notPetya cyber attack. The company recently resolved a lawsuit against Zurich American Insurance Company, which refused to cover the costs of Mondelez, amounting to over $100 million, in addressing the consequences of the attack.
The details of how the hackers gained access to BCLP’s network and the extent of data stolen remains unclear. It is also unknown whether a ransom was demanded. An investigation into the cyber attack is currently ongoing.
Mondelez has expressed deep concern about the data breach and is working towards the resolution of the issue.