PurFoods, operating under the name ‘Mom’s Meals,’ has announced a significant data breach affecting 1.2 million customers and employees, where personal information was stolen through a ransomware attack. Mom’s Meals, known for its medical meal delivery services, serves both self-paying clients and those eligible for government assistance programs.
Furthermore, the breach was first detected on February 22, 2023, with files encrypted due to suspicious activity on their networks. An investigation revealed the cyberattack had occurred between January 16 and February 22 of the same year, compromising specific files within their network.
The timeline of the breach unfolds as signs of network issues emerged in early March, 2023. An anonymous employee’s revelation to an Iowa news outlet, citing a week of missed work and pay due to “an internet issue,” drew attention to potential problems. A deeper probe by PurFoods confirmed the breach’s occurrence on January 16, 2023, and exposed the use of data-stealing tools on their network.
Additionally, a comprehensive investigation was concluded on July 10, 2023, confirming that the hackers had gained access to an array of sensitive data, including birthdates, driver’s licenses, financial information, medical records, and Social Security Numbers.
The breach impacts a diverse group, ranging from individuals who’ve received Mom’s Meals packages to current and former employees and independent contractors. The Office of the Maine Attorney General received a data breach filing from PurFoods, stating that approximately 1,237,681 people were affected. To mitigate the damage, the impacted individuals will receive 12 months of free credit monitoring and identity protection services through Kroll. The exposed data’s sensitive nature raises concerns of elaborate cyber scams, phishing, and social engineering attacks, necessitating vigilance from Mom’s Meals customers in all forms of communication.