Hershey phishes! - Crooks snarf chocolate lovers' creds


There's no sugarcoating this news: The Hershey Company has disclosed that cyber crooks gobbled up 2,214 people's financial information after a phishing attack that netted the chocolate maker's data.

According to a security notification filed with the Maine Attorney General's office, the phishing emails landed in employees' inboxes in early September. From that point on, it sounds like accessing private data was as easy as stealing candy from a baby.

The other Chocolate Factory did not immediately respond to The Register's questions.

In a letter sent to affected individuals, Hershey says it recently wrapped up its investigation, and says the thief "may have had access to certain personal information," but adds (not-so-reassuringly) that there is "no evidence that any information was acquired or misused." [PDF]

This data included first and last names, health and medical information, health insurance information, digital signatures, dates of birth, addresses and contact information, driver's license numbers, credit card numbers with passcodes or security codes, and credentials for online accounts and financial accounts including routing numbers.

Basically, the crooks accessed anything they need for all types of evil deeds, with old-fashioned financial theft likely topping the list.

"Upon learning of the incident, Hershey worked to block the unauthorized user's access and confirm that the affected Hershey accounts were no longer in use by the unauthorized user," according to the breach notification letters.


Hershey also says it worked with "multiple third parties" to clean up the sticky mess, including a forensic provider.

"We also have taken steps to enhance our data security measures to prevent the occurrence of a similar event in the future, including forced password changes and additional detection safeguards to our corporate email environment," the letter adds.

And, while the candy maker has "no reason to believe" that the data thieves have misused the stolen data, Hershey is offering affected individuals the standard two free years of Experian IdentityWorks. Unfortunately, the company didn't sweeten the deal by throwing in some complimentary chocolate.

Hershey joins the ranks of high-profile intrusions that occurred in early September, which include Las Vegas casino giants Caesars Entertainment and MGM Resorts, both of whom suffered network intrusions and extortion demands around this same time.

Criminals haven't shown any signs of slowing down as the end of the year approaches, with organizations ranging from web tracking and analytics firm New Relic, to 60 US credit unions, and the British Library reporting problems in the last few weeks. ®