Mom’s Meals discloses data breach affecting 1.2 million people in the US

PurFoods, the parent company of Mom’s Meals, is notifying 1.2 million individuals of a data breach. Mom’s Meals is a meal delivery service operating in the US that offers tailored menus for individuals struggling with chronic health conditions.

The company said highly sensitive customer and employee information was accessed and may have been stolen in a ransomware attack at the beginning of 2023.

After a five-month investigation ending July 10, 2023, the company said it had identified tools used for unauthorized data transfers, and that it can’t dismiss the possibility of data exfiltration from their servers.

“We then worked with our partners to identify accurate address information to provide notice to potentially affected individuals, and only recently completed these efforts,” PurFoods data breach notice reads.

“The individuals whose information was involved included clients of PurFoods who received one or more meal deliveries, as well as some current and former employees and independent contractors”.

PurFoods has also notified police and filed a data breach notice with the Office of the Maine Attorney General that lists 1,237,681 impacted individuals.

Potentially stolen information is highly sensitive and includes both financial info and health data of customers, including:

• Date of birth, driver's license and state identification number
• Financial account information and payment card information
• Medical record number alongside Medicare and Medicaid identification
• Health records including treatment data, diagnosis code, health insurance info, patient ID number
• Meal category and cost
• Social Security Numbers for less than 1% of exposed individuals

“It’s important to note that we have seen no evidence that any personal information was misused or further disclosed as a result of the cyberattack,” the company explained.

PurFoods is offering complimentary credit monitoring and identity protection services to victims and urges those affected to watch out for incoming communication/social engineering schemes delivered via email, phone or text that may leverage compromised data.

Worried about how data breaches can impact your identity and finances?

Bitdefender’s Digital Identity Protection automatically searches the web for leaked data linked to your identity (including on the Dark Web), sending you real-time alerts when your private information has been exposed. You get real-time data breach alerts and an easy way to monitor and assess your risk levels.