Hershey data breach affects thousands with company emails

Hershey data breach overview: 

• Who: The Hershey Co. said it suffered a data breach that may have exposed the personal information of more than 2,000 individuals with Hershey email addresses. 
• Why: Hershey said the data breach was the result of a phishing attack. 
• Where: The data breach affected individuals within the company. 

The Hershey Co. disclosed it suffered a data breach that may have exposed the personal information of more than 2,000 individuals with company emails, as the result of a phishing attack against the Pennsylvania-based chocolate maker. 

Hershey, in a filing with the Office of the Maine Attorney General, said the data breach affected a total of 2,214 individuals, occurred between Sept. 3 and 4 and was discovered by the company the day it began. 

“Based on our investigation, which recently concluded, the unauthorized user may have had access to certain personal information of yours,” Hershey said, according to a sample letter sent to affected Maine residents. 

The data breach may have exposed personal information including first and last names, routing numbers, addresses, birthdates, digital signatures, health and medical information, credit card numbers and driver’s license numbers, among other things, according to the letter. 

In its letter, Hershey said it found no evidence any potentially exposed information was acquired or misused by the “unauthorized user,” but wanted to notify those affected by the incident “out of an abundance of caution.” 

Hershey says it worked with multiple third parties to investigate data breach 

The company said it immediately began investigating the data breach upon its discovery, doing so in coordination with “multiple third parties,” including a forensic provider. 

Hershey has also taken steps to improve its data security going forward, including by forcing password changes and implementing additional detection safeguard into its “corporate email environment,” according to its letter. 

The company said it is also offering a complimentary 24-month membership to identity theft and identity protection service Experian Identity Works for individuals affected by the data breach. 

In other data breach-related news, the Federal Trade Commission amended its financial data security rule — called the Standards for Safeguarding Customer Information — in late October to require non-bank financial institutions to report to the agency any incidents in which the data of at least 500 consumers is acquired without authorization. 

Were you affected by the Hershey data breach? Let us know in the comments.

Read About More Class Action Lawsuits & Class Action Settlements:

• Columbia University class action claims school failed to safeguard sensitive info, resulting in data breach
• AutoZone class action alleges company responsible for data breach
• Pathward class action claims company failed to safeguard personal info prior to data breach
• Stanley Steemer class action alleges data breach affects current, former customers