Nestlé denies cyberattack, says stolen data came from business test website

Multinational food conglomerate Nestlé has denied that it suffered a cyberattack after a Twitter account associated with hacking group Anonymous leaked a 10GB trove of information that allegedly included emails, passwords and client information. 

A Nestlé spokesperson told The Record that the data came from a situation that happened in February. 

“This claim of a cyberattack against Nestlé and subsequent data leak has no foundation. It relates to a case from February this year, when some randomized and predominantly publicly available test data of a B2B nature was unintentionally made accessible online for a short period of time on a single business test website,” the spokesperson said. 

“We quickly investigated and no further action was deemed necessary. Cybersecurity is one of our top priorities. We continuously monitor the IT landscape and take all actions needed to ensure we stay cybersecurity-resilient.”

JUST IN: The #Anonymous collective has leaked the database of the largest food company in the world, Nestlé. Leaked 10GB data of emails, passwords, Nestlé business costumers, etc. #OpRussia #boycottnestle #PullOutOfRussia pic.twitter.com/rvVkn0ygxj

— Anonymous TV (@YourAnonTV) March 22, 2022

On Tuesday, multiple Anonymous Twitter accounts released a 10GB mySQL dump of Nestlé data after threatening companies that have continued to do business in Russia following the invasion of Ukraine. 

The group – which made waves at the start of the invasion by threatening to attack the Russian government itself – listed several companies that it planned to go after, including Nestlé, Cargill, Subway, Burger King, General Mills, Bridgestone, Koch, Chevron and others.

“We call on all companies that continue to operate in Russia by paying taxes to the budget of the Kremlin's criminal regime: Pull out of Russia! We give you 48 hours to reflect and withdraw from Russia or else you will be under our target!” the Anonymous account said. 

Oran Avraham, CTO of Laminar, said that after analyzing the data, it was clear the compromised database was likely from a test/staging environment.

“This is often a prime target for attackers as these copies tend to be unknown, less protected and unmonitored by data security teams. We call this phenomenon ‘shadow data.’ In a recent study of 500 security professionals, 82% stated they were concerned or very concerned about shadow data inter environment,” Avraham said.  

“This incident reminds us that with a majority of the world’s data residing in the cloud, it is imperative that security becomes data-centric and solutions become cloud-native. That same study shows that 1 in 2 organizations have experienced a cloud breach in the last two years.”