Multinational meals processing large Dole and the primary U.S. bottler for Pepsi each revealed extra details about separate cybersecurity incidents that affected each firms earlier this 12 months.
On Sunday, Dole submitted breach notification paperwork to regulators in California a few February ransomware assault. The corporate confirmed that worker information was accessed in the course of the assault. Whereas the California paperwork don’t say how many individuals had been affected, paperwork filed with regulators in Maine final week stated the data of about 3,885 individuals was concerned.
The corporate – which operates in 75 international locations and reported revenues over $6.5 billion in 2021 – stated that it has “no cause to consider” that worker information “was or might be topic to any fraudulent misuse.” However it’s notifying all U.S. Contemporary Fruit staff of the incident and offering complimentary 1-year credit score monitoring.
“The knowledge varies by particular person, however might embody info collected in the middle of your employment with us, similar to your identify, tackle, phone quantity, driver’s license, Social Safety quantity, passport quantity, date of beginning, and/or different employment associated info,” Dole stated.
They’re nonetheless investigating the incident with a cybersecurity agency however regulation enforcement companies concerned have “not requested any delay in offering this notification.”
The ransomware assault in February pressured a number of of the corporate’s manufacturing vegetation in North America to shut briefly. CNN reported that the incident had impacted shipments to grocery shops in New Mexico and Texas.
In its Q1 earnings report in Might, the corporate stated the assault affected their recent greens enterprise in addition to their operations in Chile.
“Direct prices associated to the incident had been $10.5 million of which $4.8 million associated to persevering with operations,” the corporate stated.
Separate filings with the U.S. Securities and Trade Fee stated the ransomware assault impacted “roughly half of Legacy Dole’s servers and one-quarter of its end-user computer systems.”
“The assault additionally resulted in unauthorized entry to sure Dole info, together with details about sure staff, though Dole has no cause to consider any worker info was publicly launched,” they stated.
Pepsi Bottling Enterprise confirms assault
Pepsi Bottling Ventures additionally addressed a cybersecurity incident that got here to gentle in February. The corporate stated it has 19 places in North Carolina, South Carolina, Maryland, and Delaware and is the biggest bottler of Pepsi merchandise within the U.S.
BleepingComputer was first to report in February that the corporate filed paperwork with regulators in Maine a few breach that occurred in December. However the firm didn’t reply to requests for remark from a number of shops together with Recorded Future Information.
On Monday, the corporate stated present and former staff and contractors had been affected by the incident, noting that the incident didn’t contain any info from PepsiCo.
“On January 10, 2023, Pepsi Bottling Ventures realized that unauthorized exercise was reported on sure inside IT techniques,” the corporate stated.
“Based mostly on its investigation, an unknown celebration accessed these techniques on or round December 23, 2022, and downloaded sure info contained within the accessed IT techniques. As of January 19, 2023, PBV has detected no unauthorized exercise.”
The knowledge accessed inc;udes names, addresses, emails, monetary account info – together with passwords, PINs and different entry numbers – driver’s licenses, ID playing cards Social Safety numbers, passport info, digital signatures, paperwork on worker advantages and employment, medical historical past, medical health insurance claims and coverage numbers.
Victims will get one 12 months of free identification safety companies however the firm urged these affected to vary passwords and usernames for all accounts linked to Pepsi Bottling Ventures.
Regardless of submitting paperwork concerning the breach in February, the corporate filed a second, an identical set of paperwork final week with the Maine Legal professional Normal’s workplace.
The corporate didn’t reply to requests for remark about why the paperwork had been filed a second time – however the June submitting elevated the variety of victims from 17,000 to twenty-eight,000.
Be taught extra.
Jonathan Greig is a Breaking Information Reporter at Recorded Future Information. Jonathan has labored throughout the globe as a journalist since 2014. Earlier than transferring again to New York Metropolis, he labored for information shops in South Africa, Jordan and Cambodia. He beforehand coated cybersecurity at ZDNet and TechRepublic.