Security News > 2023 > August > Health, payment info for 1.2M people feared stolen from Purfoods in IT attack

Purfoods has notified more than 1.2 million people that their personal and medical data - including payment card and bank account numbers, security codes, and some protected health information - may have been stolen from its servers during what sounds like a ransomware infection earlier this year.

According to documents filed with the Maine Attorney General's office and a notification letter mailed to 1,237,681 individuals, criminals broke into Purfoods' network in January 16, encrypted some files containing customer information, and may have stolen others.

This potentially pilfered information includes names, Social Security numbers, driver's license/state identification numbers, financial account and/or payment card information in combination with security code, access code, password or PIN for the account, medical information, health information, and date of birth.

The Register reached out to Purfoods for more details about the data breach, including how the criminals accessed the network, whether they demanded a ransom, and who was responsible for the attack, and we've yet to receive a response.

Purfoods says it notified federal law enforcement about the break-in, as well as the US Department of Health and Human Services, as is required by the Health Insurance Portability and Accountability Act - the US data privacy law that protects individuals' medical records.

Our very unscientific survey uncovered three separate law firms fishing for people affected by the Purfoods breach and urging customers to "Contact us as soon as possible to understand your legal rights in response to the data breach." .

News URL

https://go.theregister.com/feed/www.theregister.com/2023/08/28/purfoods_meal_data_theft/