
Oreo maker Mondelez staff hit by data breach at third-party law firm


June 21, 2023


Snack giant Mondelez is warning past and present employees that their personal information may now be in the hands of hackers following a data breach at a third-party firm.

Over 50,000 members of staff are receiving data breach notifications from the Oreo maker, after a data breach at Bryan Cave Leighton Paisner LLP, a law firm hired by Mondelez to provide legal advice.

Bryan Cave says it detected that hackers had compromised its network between February 23 and March 1 2023, and that personal information had been exposed.

The sensitive data accessed, relating to current and former Mondelez employees, included:

  • social security numbers
  • first and last names
  • addresses
  • dates of birth
  • marital statuses
  • genders
  • employee identification numbers
  • Mondelez retirement and/or thrift plan information

According to Bryan Cave, financial information was not compromised in the data breach.

What isn't clear from the public statements is how the law firm's computer network was breached, just how much data was stolen, and whether the attackers have demanded any ransom.

Mondelez is understandably keen to emphasise that its own computer systems were not compromised:

"Please know that this incident did not occur on or affect Mondelez systems or networks in any way."

I suspect, however, that is cold comfort to those individuals who will now be concerned that cybercriminals have stolen their information, and that they might be the target of future attacks such as identity theft.

In addition, Mondelez says that it is "unaware of any attempted or actual misuse of your information," although you have to remember that they wouldn't necessarily have any visibility on exploitation of the data if it had occurred.

Quite rightly, Mondelez is offering complimentary access for 24 months to identity theft protection services to affected individuals - although potential victims must sign up before September 30 2023.

In 2017, Mondelez was one of many multinational companies to be hit badly by the NotPetya malware.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
