Purfoods has notified more than 1.2 million people that their personal and medical data such as names, SSNs, driver’s license numbers, financial account and/or payment card information, medical information, health information, and DOB may have been stolen from its servers during a cyber-attack occurring between January 16th, 2023, and February 22nd, 2023.
Purfoods, a health-focused food-delivery company that does business under the name Mom’s Meals, works with more than 500 health providers including governments and managed-care organizations in the US and delivers meals to those covered under Medicare and Medicaid, as well as individuals not covered.
The company identified “suspicious account behavior” on February 22nd, 2023, and, according to the notification letter, the attackers gained access to the Purfoods’ network on January 16th. It is still unclear how the criminals accessed the network.
Dave Ratner, CEO, HYAS had this to say:
“It’s still unclear how the criminals breached the network, but it actually doesn’t matter. Bad actors will continue to create and obfuscate their techniques. The attack demonstrates yet again that no one is safe, and that organizations need to think more about business and operational resiliency than pure prevention. Deploying anomaly visibility and detection as part of a depth-in-depth strategy, such as Protective DNS, is clearly critical today to protect PII and other critical data from being stolen.”
This is bad as this is all the information that a threat actor requires to launch identity theft attacks. Hopefully there’s a full accounting of what happened and what Purfoods is going to do to protect those who are affected.