September 29, 2023

PurFoods, a U.S. producer of medically-tailored home-delivered meals, has disclosed a knowledge breach affecting over 1.2 million folks.

In keeping with a report filed to regulators final week, hackers might need accessed clients’ private, monetary and medical info, together with names, monetary account and fee card numbers, Social Safety numbers, medical health insurance member identification numbers, in addition to account safety codes and passwords.

The corporate mentioned that “it has seen no proof that any private info was misused or additional disclosed on account of the cyberattack.”

PurFoods companions with well being plans, managed care organizations, and authorities businesses to supply meals to folks enrolled in Medicare and Medicaid well being packages, in addition to those that pay for the service themselves. PurFoods clients embrace seniors, high-risk sufferers and people who find themselves completely or briefly disabled.

The incident occurred in January however was not found till February, the corporate mentioned. Clients had been notified late final week that their information had been compromised.PurFoods additionally notified federal regulation enforcement concerning the incident.

Through the investigation, which continues to be ongoing, the corporate came upon that sure information in its community had been encrypted, in keeping with a discover despatched to affected clients within the state of Maine. It additionally recognized the presence of instruments that could possibly be used for information exfiltration, including that it’s attainable that information was stolen from certainly one of its file servers.

The corporate mentioned it supplied free one-year entry to credit score monitoring providers for people whose private info was doubtlessly affected. “We’re sorry for any inconvenience this incident could trigger,” the letter to clients mentioned.

To stop comparable assaults sooner or later, “PurFoods can also be working to implement extra safeguards and coaching to its staff.” The corporate didn’t instantly reply to a request for remark.

Get extra insights with the

Recorded Future

Intelligence Cloud.

Study extra.

Daryna Antoniuk

Daryna Antoniuk
is a contract reporter for Recorded Future Information primarily based in Ukraine. She writes about cybersecurity startups, cyberattacks in Jap Europe and the state of the cyberwar between Ukraine and Russia. She beforehand was a tech reporter for Forbes Ukraine. Her work has additionally been printed at Sifted, The Kyiv Impartial and The Kyiv Publish.