On September 10, 2024, Aramark filed a notice of a data breach with the Massachusetts Attorney General after hackers gained access to sensitive employee information. The breach involved the unauthorized party creating a fraudulent website resembling Aramark’s official page, tricking employees into entering their usernames and passwords. Once the hackers obtained these credentials, they accessed the company’s myPay site, where they could potentially alter employees’ direct deposit information. Aramark’s initial investigation revealed that the unauthorized party accessed other personal data beyond payment details, including names, addresses, and Social Security numbers.
Aramark took immediate action to contain the breach, launching an investigation to understand the full scope of the incident. The company discovered that the hackers had been able to view confidential employee information, including direct deposit details and personal identifiers. While the primary goal of the breach seemed to be misdirecting employee pay, the exposed information varied depending on the individual, with certain employees having more data compromised than others. Upon confirming the extent of the breach, Aramark sent out notifications to all affected current and former employees.
The company’s investigation concluded that the breach was due to the fraudulent website designed to capture employee login details. Although the goal of the cybercriminals appeared to be changing direct deposit information, the breach exposed other sensitive employee data. In response, Aramark has been working to enhance security measures to prevent similar incidents in the future. The company is also offering support to the affected individuals through its breach notification process, which includes detailed information about the data that was compromised.
Aramark, a food services and facilities management company based in Philadelphia, has been in operation since 1936. The company provides services across various sectors, including education, healthcare, business, and hospitality, employing over 262,000 people worldwide. Aramark is publicly traded and generates annual revenue of approximately $19.6 billion. The company’s swift response to the breach and ongoing review of its data security practices demonstrate its commitment to safeguarding the personal information of its employees.
Reference:
