PurFoods' Data Breach Exposes Personal Information of 1.2 Million Individuals

published: Aug. 28, 2023

Learn More

PurFoods, operating as 'Mom's Meals' in the U.S., has been impacted by a cyberattack and data breach that exposed 1.2 million customers and employees.

The breach was the result of a ransomware attack that targeted the medical meal delivery service. Mom's Meals is distinct in catering to both self-paying clients and those eligible for government support via programs such as Medicaid and the Older Americans Act.

Suspicious activity was initially noticed by Mom's Meals' team on February 22, 2023. The investigation revealed that the cyberattack occurred between January 16 and February 22 2023, during which certain files on the network were encrypted through the deployment of ransomware.

Public indications of the attack emerged in early March, when an anonymous employee of Mom's Meals contacted a local Iowa news outlet. They reported having missed work and payment due to an "internet issue."

Subsequent investigations, concluded on July 10, 2023, exposed the extent of the breach. The attackers gained access to an array of sensitive personal and financial data, including

  • dates of birth,
  • driver's license and state identification numbers,
  • financial account details,
  • payment card information,
  • medical records,
  • health insurance particulars,
  • patient identification numbers,
  • Social Security Numbers (SSNs) – the latter affecting over 1% of the compromised individuals.

The breach's scope include customers who had received Mom's Meals packages as well as current and past employees, as well as independent contractors affiliated with the company. A total of 1,237,681 people had their information exposed in the breach.

To mitigate the fallout, PurFoods is offering affected parties a year's worth of credit monitoring and identity protection services through Kroll. This response aimed to address the risk posed by the exposed data, which could potentially be exploited for various malicious purposes including scams, phishing, and social engineering attacks.

PurFoods' Data Breach Exposes Personal Information of 1.2 Million Individuals