Hackers have managed to steal the personal data of 1.2 million customers and employees from a popular meal delivery service following a ransomware attack that occurred at the beginning of the year.
As reported by BleepingComputer, PurFoods which operates under the name Mom’s Meals in the U.S., revealed in a data breach notice that it was hacked earlier this year. Unlike HelloFresh or other meal kit delivery services, Mom’s Meals caters to both self-paying customers as well as people who are eligible for government assistance through Medicaid and the Older Americans Act programs.
According to Mom’s Meals, the firm first identified suspicious network activity in February of this year after it discovered that some files on its systems had been encrypted by ransomware. From here, the company launched an investigation with the help of third-party specialists which revealed that it had suffered a cyberattack between January 16 and February 22.
However, in early March, an anonymous Mom’s Meals employee reached out to a local Iowa news outlet about the data breach, explaining that they had missed work and weren’t paid for a week as the result of “an internet issue”.
Stolen personal and financial data
Following the initial investigation, a more in-depth one was completed on July 10, revealing that the hackers responsible had accessed all sorts of personal and financial data from both customers and employees.
The hackers gained access to dates of birth, driver’s license numbers, state identification numbers, financial account information, payment card information, medical record numbers, medicare and medicaid information, health insurance information, patient ID numbers, Social Security Numbers (SSNs) and more.
All told, current and former employees, independent contractors and those who received Mom’s Meals packages are affected by this data breach. In a data breach filing with the Office of the Maine Attorney General, PurFoods revealed that a total of 1,237,681 people had their personal and financial information exposed as a result of the breach.
How to stay safe and what to do next
Fortunately for those affected by the Mom’s Meals data breach, PurFoods is providing them with access to one of the best identity theft protection services through Kroll for free for the next 12 months.
Information on how affected customers and employees will likely be included in a data breach notification sent to their email accounts. You can also check PurFoods’ data breach notification page for additional information and other steps you can take like freezing your credit.
Still though, affected customers and employees will want to be extra careful when checking their inboxes as the hackers behind this breach can use the information they obtained to conduct phishing attacks and other scams. At the same time, you’re also going to want to be careful when opening text messages from unknown senders or answering calls from unknown callers, as hackers could also try to reach you through text messages or over the phone.
A data breach of this size is nothing to write off but it’s good to see that PurFoods is handling it correctly right off the bat by providing affected users with free access to identity theft protection.
More from Tom's Guide
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.