Chocolate maker Hershey breached in phishing attack


Hershey, one of the world’s largest chocolate makers, is investigating a phishing attack during which malicious actors obtained a “limited number of Hershey email accounts,” together with sensitive personal information such as credentials and financial accounts.

At least 2214 individuals were affected when an unauthorized hacker gained access to the accounts, the company’s filing with the Maine Attorney General reveals.

The breach happened on September 3rd. It was immediately discovered and lasted two days. A single Maine citizen was affected.

ADVERTISEMENT

Based on the company’s investigation, assisted by a forensic provider, cybercriminals may have had access to personal information, which varied from person to person.

For some, it included first and last name, health and medical information, health insurance information, digital signature, date of birth, address and contact information, driver’s license number, credit card number with a passcode or security code, and credentials for online accounts and financial accounts, including routing numbers.

“Although we have no evidence that any information was acquired or misused by the unauthorized user, we wanted to notify you of this incident out of an abundance of caution,” Hershey’s letter to affected users reads.

According to the statement, the hackers no longer have access to affected accounts. The company forced password changes and implemented additional detection safeguards to the corporate email environment.

Hershey is offerin affected users access to credit monitoring and identity restoration services, including $1 million identity theft insurance, and encourages them to remain vigilant by reviewing account statements and taking other steps to protect themselves.

Hershey, a Pennsylvania-based American confectionery company, is known for its iconic chocolate brands, such as Hershey Kiss, Hershey Bar, and Reese's Peanut Butter Cups.

ADVERTISEMENT