Phishing-related breach impacts Hershey

Major U.S. multinational confectionary firm The Hershey Company had data from 2,214 individuals stolen following a phishing attack in early September, according to The Register. After distributing phishing emails to Hershey employee inboxes, threat actors were able to exfiltrate individuals' full names, birthdates, address and contact details, health and medical data, health insurance information, driver's license numbers, and digital signatures, as well as their credit card numbers with security codes and online financial account credentials, said Hershey in a filing with the Maine Attorney General's Office. Attackers' unauthorized access has already been blocked, added Hershey, which noted that there has been no evidence suggesting any misuse of the compromised data while emphasizing actions to bolster its security. "We also have taken steps to enhance our data security measures to prevent the occurrence of a similar event in the future, including forced password changes and additional detection safeguards to our corporate email environment," Hershey said.