Mondelēz International said the personal data of more than 51,000 current and former employees was accessed after a breach at the law firm of Bryan Cave Leighton Paisner, which provided legal services to the food and snacks company, according to a filing with the Maine Attorney General’s office. Consumer notifications went out last week.
The law firm on Feb. 27 discovered suspicious activity involving a part of its computer systems where customer data was stored, with the activity taking place from Feb. 23 to March 1, according to the letter from Kevin Brennan, chief counsel litigation, U.S., at Mondelēz.
After launching an investigation with an outside forensics firm and notifying law enforcement, the law firm notified Mondelēz on March 24, confirming the outside hacker had obtained data. The scope of the access was not immediately known.
Mondelēz said it received enough information by May 22 to determine which customers needed to be notified. The breached data included names, addresses, dates of birth, employee identification numbers, social security numbers and Mondelēz retirement and/or thrift plan information. Account numbers and credit card data were not involved.
A spokesperson for Bryan Cave confirmed the incident in an email and said the law firm “coordinated with law enforcement and are communicating with our affected stakeholders.”
“We remain able and focused on continuing to serve our clients as we resolve this matter,” the spokesperson added via email.
The spokesperson did not provide any details of how the incident took place or say whether the incident impacted any other clients besides Mondelēz.
The disclosure notice from Mondelēz said the law firm told the snack food company that steps had been taken to prevent such an incident in the future.