Both Dole and Pepsi Bottling Ventures provided more information this week about separate cybersecurity incidents that came to light in Q1 of this year. Dole was hit by a ransomware attack in February of this year while Pepsi had a cybersecurity incident take place in December of 2022, but did not become aware of it until January 10, 2023.
Why it matters: This past Sunday, Dole worked with regulators in California and submitted breach notification documents confirming that critical employee data was accessed during the attack. Pepsi noted on Monday that contractors, and current, and former employees were all affected by an incident, but that no information from PepsiCo directly was involved.
- Dole will be offering complimentary 1-year credit monitoring to all U.S. Fresh Fruit employees as a precautionary measure, but does not believe that employee data will be fraudulently misused.
- The direct costs of the Dole cybersecurity incident were $10.5 million – much of this is attributed to several of the company’s production plants in North America closing temporarily.
- According to a release, the information from PepsiCo’s employees and contractors that were affected included “names, addresses, emails, financial account information – including passwords, PINs and other access numbers – driver’s licenses, ID cards Social Security numbers, passport information, digital signatures, documents on employee benefits and employment, medical history, health insurance claims, and policy numbers.” The company will be giving victims free identity protection services for a year to mitigate risk.