There's no sugarcoating this news: The Hershey Company has disclosed cyber crooks gobbled up 2,214 people's financial information following a phishing campaign that netted the chocolate maker's data.
According to a security notification filed with the Maine Attorney General's office, the phishing emails landed in employees' inboxes in early September.
From that point on, it sounds like accessing private data was as easy as stealing candy from a baby.
The other Chocolate Factory did not immediately respond to The Register's questions.
This data included first and last names, health and medical information, health insurance information, digital signatures, dates of birth, addresses and contact information, driver's license numbers, credit card numbers with passcodes or security codes, and credentials for online accounts and financial accounts including routing numbers.
Basically, the crooks accessed anything they need for all types of evil deeds with old-fashioned financial theft likely topping the list.
The company didn't sweeten the deal by throwing in some complimentary chocolate.
Hershey joins the ranks of high-profile intrusions that occurred in early September, and include Las Vegas casino giants Caesars Entertainment and MGM Resorts, both of whom suffered network intrusions and extortion demands around this same time.
Criminals haven't shown any signs of slowing down as the end of the year approaches, with organizations ranging from web tracking and analytics firm New Relic, to 60 US credit unions, and the British Library reporting problems in the last few weeks.
This Cyber News was published on go.theregister.com. Publication date: Mon, 04 Dec 2023 19:43:06 +0000