Monsanto is not exactly the darling of the biotech world, so it's eminently possible that people will take its recent data breach as a good thing. An unknown assailant or assailants hacked into the client database of Monsanto subsidiary Precision Planting, potentially compromising 1,300 accounts that include names, addresses and — much worse — tax IDs, Social Security numbers and financial information.
Security expert Graham Cluley covered the issue on his blog, where he explained that Precision Planting came clean about its data breach, which occurred prior to March 27. The hacker behind the breach gained access to names and addresses of 1,300 employees and workers of Precision Planting clients, and possibly those of Precision Planting employees as well.
In some cases, the hacker was able to access Social Security numbers and financial information, including tax forms and employer tax ID numbers. Social Security numbers, when paired with names, are the Holy Grail for identity thieves, who can use the data to open bank accounts and collect tax refunds in other people's names.
The most curious aspect of the data breach is that the intruder does not seem to have done anything with this information, nor did he or she appear to be attempting to steal it in the first place. A letter to the Maryland attorney general from Precision Planting suggested that the breach was not intended for financial gain or identity theft.
What the hacker may have wanted is something of a mystery, although Monsanto has enough detractors that one of them may have simply wanted to make a point. The agricultural giant has come under fire over the last few years for potentially damaging practices and false advertising about the safety of its foods and pesticides.
A data breach in Monsanto's servers could give a hacker access to sensitive information about the company itself, with employee information coming along as collateral.
Whatever the impetus for the breach, the 1,300 affected employees are potentially in grave financial danger. Monsanto has provided each of them with a year-long subscription to identity-theft protection services to make sure, but anyone who has learned he or she is affected by the Monsanto breach should contact Equifax, Experian or TransUnion now to place a credit alert.