Sysco revealed earlier this month that it was the victim of a cybersecurity attack, with the perpetrators possibly stealing social security numbers of some employees and financial information of some customers.
The breach, believed to have begun on 14 January, 2023, was first discovered by the company in March, although it was only revealed in a quarterly earnings report filed at the beginning of May.
“Immediately upon detection, Sysco initiated an investigation, with the assistance of cybersecurity and forensics professionals,” the Houston, Texas, U.S.A.-based foodservice distribution company said. “The investigation determined that the threat actor extracted certain company data, including data relating to operation of the business, customers, employees, and personal data.”
According to a data security breach report filed with the U.S. state of Texas, the perpetrators were looking for social security numbers and financial information. Sysco said the data extraction did not impact its operations or services.
The company notified federal law enforcement, and the investigation is ongoing.
The revelation follows a separate cyberattack on cold storage and transportation provider Americold discovered in April 2023.
“We are all faced with an evolving cyber-threat landscape in which the cyber adversaries are persistent, continually evolving their tactics, techniques, and procedures,” Americold CEO George Chappelle said on a 4 May earnings call. “As we recover from the impact of this incident, we remain committed to continued strengthening of our policies, practices, and technology to further protect against future attacks.”
Approximately 30 percent of the Atlanta, Georgia, U.S.A.-based company’s 243 facilities were affected by the cyberattack on its IT systems, although Americold was quick to note that the attack did not damage its inventory.
“It is important to note that none of our safety procedures or structural capabilities within the impacted facilities, such as power and utilities, refrigeration systems, and blast freeze processes were compromised,” Chappelle said.
The impact already had been reduced by half by the first week of May, the company said.
The incident was the second major cyberattack Americold experienced in the last three years. The first cyberattack occurred in November 2020, and the company has since invested USD 20 million (EUR 18.2 million) in cybersecurity, according to Chappelle.
Photo courtesy of Tada Images/Shutterstock
