An Alabama-based holding company specializing in the metals service industry said an attacker accessed its network using a "highly sophisticated type of malware that evaded virus detection".
The malicious actor breached the company's systems in November 2022. O'Neal Industries said none of the platforms or companies administering employee benefits were impacted.
However, according to the breach notification filed with the California Attorney General's office, one of the breached systems contained HR files that "store social security numbers and other personal information we maintain on file for our former employees and, in some cases, their beneficiaries or dependents."
Founded in 1921, the company is considered one of America's biggest private companies, according to Forbes. Its revenue was $2.8 billion in 2022. The company and all its subsidiaries employ approximately 3,000 people.
"We have hired external cybersecurity experts to investigate what happened, to strengthen our computer network, and to monitor the "dark web" for any references to information involved in this incident. These efforts are all ongoing," the company said.
More from Cybernews:
Subscribe to our newsletter