A cyberattack that targeted The Hershey Company may have compromised the personal data of 2,214 people, the company has revealed.
The data breach occurred in early September as the result of an email phishing attack on the Pennsylvania chocolate maker, according to a recent filing with the Maine Attorney General's Office. The data that may have been compromised includes first and last names, health and medical information, dates of birth, financial account information, debit and credit card data and related access codes.
- READ MORE:
- Thieves steal ATM from Chubby's Steaks in Roxborough, hauling it away in a truck
- Privacy advocates say the Phillies' facial recognition entrance puts their fans' data at risk
- Hackers in ransomware attack on Philly-area hospitals post patient data for sale on dark web
The Hershey Company sent out a letter to the people who were potentially affected by the breach on Friday, notifying them that an "unauthorized user" had gained access to several Hershey email accounts and may have accessed their personal data.
The company said it worked with a forensic provider and other third parties to investigate the cyberattack and assess what its impact. During that investigation, no evidence was found that anyone's personal data had been misused in any way, the company said.
The Hershey Company said it would give those who were impacted a two-year membership to a data monitoring and identity theft protection service.
"Based on our investigation, which recently concluded, the unauthorized user may have had access to certain personal information of yours," the company wrote in its letter to the people who were potentially impacted. "Although we have no evidence that any information was acquired or misused by the unauthorized user, we wanted to notify you of this incident out of an abundance of caution."
In its filing, The Hershey Company said that one Maine resident of Maine was affected by the breach. It was not immediately clear where the other impacted individuals are located.
