Mondelez International has warned 51,000 of its past and present employees that their personal information has been stolen from a law firm hired by the Oreo and Ritz cracker giant.
To be clear, the miscreants didn't infiltrate Mondelez's IT estate: they broke into Bryan Cave Leighton Paisner LLP's network. And as one of Mondelez's legal services providers, Bryan Cave had copies of and access to sensitive personal information belonging to current and former Mondelez workers. As the snack giant noted in its security breach notification
to 51,110 individuals on Friday: "Please know that this incident did not occur on or affect Mondelez systems or networks in any way." Considering Mondelez was among the global companies hit in the NotPetya outbreak — and it recently
settled its lawsuit against Zurich American Insurance Company, which it brought because the insurer refused to cover Mondelez's $100-million-plus cleanup bill — the fact that this was a third-party privacy breach probably provided a small bit of relief somewhere. Bryan Cave, we note, did not represent Mondelez in the NotPetya insurance legal battle.
While the cookie monster company is "unaware of any attempted or actual misuse of your information," it told affected employees, past and present, that the crooks accessed their social security numbers, first and last names, addresses, dates of birth, marital status, gender, employee identification numbers, and Mondelez retirement plan details.
www.theregister.com
