Thousands of victims hit in attack on chocolate maker Hershey

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

The Hershey Company suffered a major data breach in which people’s payment data and personally identifiable information (PII) were both taken. 

The famous chocolate maker has filed a notification with the Maine Attorney General’s office, stating that in early September, some of its employees fell prey to a phishing attack. 

The attack resulted in the theft of sensitive data, including Financial Account Numbers or Credit/Debit Card Numbers (in combination with security codes, access codes, passwords, or PINs for the account). In total, 2,214 people were affected by the incident. 

Identity theft

According to The Register, Hershey subsequently conducted its investigation and then notified affected individuals of its results. In the letter, it said that the attackers "may have had access to certain personal information," but stressed that there was "no evidence that any information was acquired or misused."

As per the notification letter, the hackers accessed people’s first and last names, health and medical information, health insurance information, digital signatures, dates of birth, addresses and contact information, driver's license numbers, credit card numbers with passcodes or security codes, and credentials for online accounts and financial accounts including routing numbers.

That’s more than enough for phishing attacks, identity theft, or wire fraud. Hershey’s customers should be extra wary of any incoming email or SMS messages claiming to be from the company. 

"Upon learning of the incident, Hershey worked to block the unauthorized user's access and confirm that the affected Hershey accounts were no longer in use by the unauthorized user," it was added in the letter. To strengthen its systems and prevent future similar occurrences, the company forced all users to change their passwords. It introduced “additional detection safeguards to our corporate email environment,” the company concluded. 

Despite finding no evidence of data misuse, Hershey still offered two years of free identity protection services to affected individuals via Experian IdentityWorks.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person with a laptop using a credit card online.
Avery label maker confirms attack on its site, customer credit card info stolen
A computer being guarded by cybersecurity.
Wacom warns users their data may have been stolen in breach
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
A person holding a credit card in one hand while typing on a laptop keyboard with the other.
Green Bay Packers online store used to steal fan credit card details
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)