Sysco, a number one international meals distribution firm, has confirmed that its community was breached earlier this 12 months by attackers who stole delicate info, together with enterprise, buyer, and worker information.
In an inside memo despatched to staff on Could third and seen by BleepingComputer, the corporate revealed that buyer and provider information within the U.S. and Canada, in addition to private info belonging to U.S. staff, could have been impacted within the incident.
“On March 5, 2023, Sysco grew to become conscious of a cybersecurity occasion perpetrated by a risk actor believed to have begun on January 14, 2023, during which the risk actor gained entry to our methods with out authorization and claimed to have acquired sure information,” Sysco added in data breach notification letters despatched to among the affected people.
In whole, the data breach affected 126,243 who had their names and different private identifiers uncovered along with Social Safety Numbers, as revealed in a submitting with the Maine Legal professional Normal’s Workplace
Sysco additionally confirmed the security breach in a 10-Q quarterly report filed with the U.S. Securities and Alternate Fee one week in the past, on Could 2nd.
“The investigation decided that the risk actor extracted sure firm information, together with information referring to operation of the enterprise, prospects, staff and private information,” the corporate stated.
“The investigation is ongoing, and Sysco has begun the method of getting ready to adjust to its obligations with respect to the extracted information.”
The corporate believes the workers’ information stolen from its methods throughout the breach is a mix of the next: private info offered to Sysco for payroll functions, together with identify, social security quantity, account numbers, or related data.
Sysco additionally employed a cybersecurity agency to assist examine the incident and notified federal legislation enforcement of the cyberattack.
Sysco: No affect on customer support and enterprise operations
The incident has not impacted its enterprise operations, and customer support has not been interrupted, in keeping with the 10-Q SEC submitting.
Sysco additionally informed affected people that there isn’t any ongoing risk to its community and that its security staff carried out extra safeguards to stop an identical breach from occurring sooner or later.
With greater than 71,000 staff, Sysco operates 333 distribution amenities worldwide and providers round 700,000 buyer places, together with eating places, healthcare, and academic amenities.
In keeping with its web site, Sysco generated over $68 billion in gross sales for the fiscal 12 months 2022, which ended July 2, 2022.
A Sysco spokesperson was unavailable for remark when contacted by BleepingComputer earlier immediately.
Replace: Added hyperlink to data breach notification letter pattern.
Replace 2: Added data on the variety of people affected by the data breach.
