Snack food company Mondelez warns employees of data theft
Mondelez, the U.S. manufacturer of Oreo cookies and Milka chocolate, has warned employees that their personal data has been compromised through a breach at the law firm Bryan Cave, which provides legal services to Mondelez and other Fortune 500 companies.
Mondelez stated in its data breach notice that more than 50,000 of its current and former employees were affected by the incident.
The leaked information may include employees' Social Security numbers, first and last names, addresses, dates of birth, marital statuses, genders, employee identification numbers and retirement plan information. Financial information, including credit card numbers, was not affected, the company said.
Mondelez stated that it is not aware of any attempted or actual misuse of the leaked information but emphasized that “it takes this incident very seriously” and regrets any concern or inconvenience it may cause. The breach “did not occur on or affect Mondelez systems or networks in any way,” the company said.
As of the time of publication, neither Mondelez nor Bryan Cave responded to The Record's additional inquiry regarding the incident.
Based on Mondelez's statement, hackers gained unauthorized access to Bryan Cave's systems, including a specific storage area for certain customer files, from February 27 to March 1.
Following the discovery, Bryan Cave hired a cybersecurity forensics firm to conduct an investigation and notified Mondelez about the incident in late March. Mondelez did not identify the security company.
Mondelez warned its employees about the breach on June 15 after conducting a review of impacted information and identifying all affected individuals. The company said it offered credit monitoring services to victims of the breach.
The company just recently reached a settlement in its multi-year legal battle over a $100 million insurance claim regarding damage from the NotPetya cyberattack in 2017. The insurer had initially refused to cover the damage to Mondelez, which in court documents attested it lost more than 1,700 servers and 24,000 laptops to the malware.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.