Mondelez, the U.S. manufacturer of Oreo cookies and Milka chocolate, has issued a data breach notice to over 50,000 current and former employees, informing them of a breach at law firm Bryan Cave, which provides legal services to Mondelez and other Fortune 500 companies. The compromised data may include employees’ Social Security numbers, names, addresses, dates of birth, marital statuses, genders, employee identification numbers, and retirement plan information.
However, no financial information, including credit card numbers, was affected. Mondelez stated that the breach did not occur on or affect its systems or networks, emphasizing its seriousness despite no known misuse of the leaked information. The breach involved hackers gaining unauthorized access to Bryan Cave’s systems from February 27 to March 1, prompting the law firm to hire a cybersecurity forensics firm for investigation.
Bryan Cave notified Mondelez about the incident in late March after the discovery, leading to Mondelez’s employee warning on June 15. The company offered credit monitoring services to the affected individuals. While the statement did not disclose the cybersecurity forensics firm’s identity, it highlighted the breach’s seriousness and the proactive measures taken.
Mondelez clarified that the breach did not impact its systems or networks and expressed regret for any concern or inconvenience caused. The incident follows Mondelez’s recent settlement in a multi-year legal battle over a $100 million insurance claim related to damage from the NotPetya cyberattack in 2017, where the insurer initially refused coverage for Mondelez’s losses.
