December 4, 2023 at 02:24PM
Hershey disclosed a phishing attack that compromised the personal and financial information of 2,214 people. The breach occurred in September and allowed unauthorized access to a range of sensitive data. Hershey has since increased security measures and is offering those affected two years of free credit monitoring, with no additional compensation. The incident comes amid a series of other high-profile cyberattacks.
Meeting Takeaways:
1. Incident Overview: The Hershey Company experienced a phishing campaign that resulted in unauthorized access to 2,214 individuals’ financial information.
2. Initial Breach: Phishing emails reached Hershey employees in early September, leading to a breach in which personal data became accessible to the cyber criminals.
3. Data Compromised: The accessed data included names, health and medical information, health insurance details, digital signatures, birth dates, addresses, contact data, driver’s license numbers, credit card information, and online/financial account credentials.
4. Company Response: Upon discovery, Hershey acted to revoke the unauthorized user’s access and partnered with third parties, including forensic experts, to address the breach and enhance security measures. This included forced password changes and new email detection safeguards.
5. Current Status: While Hershey has completed its investigation and has found no evidence of misuse of the stolen data, the company remains cautious.
6. Support for Affected Individuals: Hershey is offering two years of free Experian IdentityWorks to those impacted, but did not offer any additional compensation, such as free chocolate.
7. Comparative Incidents: The breach at Hershey is part of a series of high-profile cyber intrusions, with other notable occurrences affecting Caesars Entertainment, MGM Resorts, New Relic, several US credit unions, and the British Library.
8. Future Protections: Hershey has indicated it has taken steps to prevent a similar event from happening in the future, implementing enhanced data security measures.