Hershey Hacked; Recipe Altered

Wednesday, August 10, 2011 @ 12:08 PM gHale

Chocolate giant Hershey Co. suffered a breach that altered a recipe and may have made off with customers’ names, birthdates, street and email addresses, and site passwords.

In an email sent to customers last week, Hershey said an unauthorized individual gained access to the site and changed a baking recipe for one of its products. The company said it found no evidence of any other alterations to recipes on the website, but it couldn’t rule out the possibility hackers stole personal data given when customers create accounts on the site.

Moore’s Law-like: Malware’s Booming
Report: Malware, Targeted Attacks on Rise
Stuxnet Effect: Iran Still Reeling
Feds Fear New Stuxnet Threats

“We have no indication that any of this consumer information was compromised,” Hershey’s email stated. “However, given the nature of this incident, we are acting out of an abundance of caution and informing you that this server was accessed. We are also outlining some steps to help you ensure your security whenever you use the Internet and email.”

Hershey joins a growing list of organizations that suffered website security breaches that jeopardize the privacy of its visitors. Other companies compromised include Sony, Groupon India, email marketer Silverpop, gossip website Gawker, DuPont, J&J, GE, and at least a dozen others.

This is just another example of why manufacturing companies need to get ahead of the curve and create a solid defense in depth posture for their infrastructure. While a true targeted attack will penetrate defenses, if a manufacturer has a plan in place, it can slow or eliminate damages and allow the company to keep moving forward.

Leave a Reply

You must be logged in to post a comment.