Hershey warns of data breach following phishing attack


The US maker of popular treats such as Kit Kat and Reese’s Peanut Butter Cups told regulators that more than 2,200 people were potentially affected by a data breach after hackers gained access to some of the company’s email accounts .

The Hershey Company submitted on Friday, a security notification to the Maine Attorney General’s Office regarding a breach that occurred in early September and was quickly detected.

In an example of letter sent to targeted individuals, Hershey said the hackers gained access to “a limited number” of the company’s email accounts and “may have gained access to some personal information.” The company called the incident a phishing campaign.

The stolen data “varied from person to person,” according to Hershey, but could include personal information such as first and last names, medical and health information, digital signatures, contact information, license numbers, driving, credit card numbers and identifying information for online accounts and financial accounts, including routing numbers.

The company said it had no evidence that any information “was acquired or misused” by cybercriminals.

Hershey is currently investigating the attack with security researchers and said it has taken steps to prevent similar events in the future, including forced password changes.

This isn’t the first time Hershey has been targeted by hackers. In 2011, cybercriminals penetrated its server and modified one of the baking recipes posted on the company’s recipe website. This server also stored consumer registration information, including email addresses, dates of birth, and mailing addresses.

In June this year, Mondelez — the American maker of Oreo cookies and Milka chocolate — also saw some of its employee data compromised by hackers following a infringe at the law firm of Bryan Cave, which provides legal services to the firm.

Get more information with the

Future saved

Intelligence cloud.

Learn more.

No previous articles

No new articles

Daryna Antoniuk is a freelance journalist for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe, and the state of the Ukraine-Russia cyberwar. She was previously a tech journalist for Forbes Ukraine. His work has also been published in Sifted, The Kyiv Independent and The Kyiv Post.

Leave a comment