Meal delivery service PurFoods says the personal and protected health information of more than 1.2 million individuals was stolen in a ransomware attack in early 2023.
Partnering with health, Medicare, and Medicaid plans, the Iowa-based organization is the parent of Mom’s Meals, a service that delivers health-focused, refrigerated, ready-to-eat meals throughout the US.
In a filing with the Maine Attorney General’s Office last week, PurFoods revealed that a ransomware attack impacting Mom’s Meals occurred in February and that it also involved the theft of personal information from its systems.
While the attack was identified on February 22, the attackers had access to PurFoods’ network for more than a month, the organization reveals.
“The investigation determined that PurFoods experienced a cyberattack between January 16, 2023, and February 22, 2023, that included the encryption of certain files in its network,” the company told Maine’s Attorney General.
The investigation also determined that the attackers exfiltrated from PurFoods’ systems files that stored personally identifiable information (PII) and protected health information (PHI), including names, birth dates, Social Security numbers, driver’s license numbers, payment card data, financial account information, and medical and health information.
The organization says it has started notifying the impacted individuals of the incident, providing them with identity theft and fraud protection guidance and with access to credit monitoring services.
PurFoods also says it has informed the relevant authorities of the incident, including the US Department of Health and Human Services and the three major credit reporting agencies.
However, the organization has not shared details on how the intrusion occurred, which file-encrypting ransomware was involved, and whether a ransom was paid to restore the encrypted data.
SecurityWeek has emailed PurFoods for a statement on the matter and will update this article as soon as a reply arrives.
Related: Ohio History Organization Says Personal Information Stolen in Ransomware Attack
Related: Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko
Related: 1.5 Million Impacted by Ransomware Attack at Canadian Dental Service
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
