Posted on August 28, 2023 at 9:07 AM
1.2 million customers of Mom’s Meals were affected after the recent data breach
A recent hacking attack hit PurFoods, which operates in the US under the name of Mom’s Meals. The attack affected over 1.2 million customers and employees alike, stealing their personal data.
PurFoods, or Mom’s Meals, is a medical meal delivery service that provides its services to self-paying customers and people eligible for government assistance, according to the Medicaid and Older Americans Act programs.
Anonymous employee leaks details of the attack
The company revealed that it found traces of suspicious activity within its network on February 22 of this year. At the time, its systems and the files suddenly got encrypted, indicating that the firm had suffered a ransomware attack. The company immediately started investigating the suspicious account behavior, hiring third-party specialists to lead the investigation.
“The investigation determined that we experienced a cyberattack between January 16, 2023, and February 22, 2023, that included the encryption of certain files in our network,” PurFoods said in its notice. However, the real signs of network issues became evident in early March. At the time, an anonymous employee at Mom’s Meals leaked to the Iowa news outlet that they had missed work and paid for a week.
The employee said that the reason behind this was “an internet issue,” which started rumors that the company suffered a data breach. Meanwhile, PurFoods continued its investigation, which unveiled that there was a breach all the way back in January. Security specialists pinpointed the breach’s moment, stating that it happened on January 16, 2023. The investigation also revealed what tools were likely used to steal data that hackers managed to locate within the network.
What information was stolen?
A more in-depth investigation followed in July of this year, and it was managed to uncover more details. For example, it managed to confirm that the hackers accessed a large quantity of data belonging to customers and employees.
This includes dates of birth, social security numbers (for more than 1% of exposed individuals), driver’s licenses, patient ID numbers, state identification numbers, health insurance information, financial account information, meal categories and costs, payment card data, diagnosis codes, medical record numbers, treatment info, Medicare and Medicaid information, as well as general health information.
The investigation also revealed that the data breach does not only impact the current employees but also past ones and even independent contractors that the company collaborated with.
PurFoods reported the data breach in a filing at the Office of the Maine Attorney General, revealing that 1,237,681 individuals were impacted. All victims of the attack will receive a free coverage for 12 months of credit monitoring and identity protection services via Kroll, according to the company.
This is considered necessary for the customers’ protection, as the stolen data is highly sensitive, and it can allow the attackers to conduct additional elaborate scams, social engineering attacks, phishing attacks, and more.
Mom’s Meals customers were also warned to remain extremely vigilant when it comes to incoming communications. Users should expect that hackers or scammers might try to conduct some sort of a direct attack via email, SMS text messages, phone calls, or possibly messaging apps.
The company said that it notified Federal law enforcement of the event and that it is cooperating fully with their investigation. They also started notifying impacted individuals via US Mail, starting on August 25 of this year. The notification includes guidance on protecting against identity theft and fraud and accessing the complimentary credit monitoring and identity restoration services.
In addition, the company also took a number of additional steps to improve its own network security. It is reconsidering the existing policies and procedures, adding new ones, and making changes where necessary.