dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
500
HELLFIRE
MVM
join:2009-11-25

2 recommendations

HELLFIRE

MVM

"Sophisticated" malware hits Sodexo,leads to "nonconsentual" leak of PII

»www.theregister.co.uk/20 ··· _breach/
quote:
Employee benefits firm Sodexo has suffered a data breach exposing personal info believed to include names, email addresses and home addresses after its UK Engage unit’s internal IT systems were hit by malware. In the wake of the breach, Sodexo pulled Engage's staff-facing retail discount and perks website lifestylehub.co.uk offline "after receiving some reports that users of this platform have received phishing emails". It said this was a "precaution" as "there was no evidence the employee benefits platform had been attacked by this malware".
Breach notice here, if you like reading that kind of PR spin warmed leavings of a male cow. What cracks me up the most is the line "[w]e have now identified that a
sophisticated malicious software (malware), undetectable by leading antivirus software,
has caused a data breach, leaking some limited personal information
without our consent."

Regards

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

2 recommendations

Blackbird

Premium Member

Re: "Sophisticated" malware hits Sodexo,leads to "nonconsentual" leak of PII

From the breach notice (my emphases):

... a team of CREST-Approved security specialists have been working with us to urgently investigate this issue. Our findings have shown no evidence that our benefits platforms have been attacked or compromised.

However we have now identified a sophisticated malicious software (malware), undetectable by leading antivirus software, has caused a data breach, leaking some limited personal information without our consent.

Investigations are still ongoing, but we have now managed to isolate the malware, preventing any further leaks of personal information.

So, Sodexo, which is it? Were you attacked/compromised or not?