Mom’s Meals Data Breach Exposed Data of 1.2M

In a recent disclosure, PurFoods, Mom’s Meals’s parent company, reported a significant data breach that affected more than 1.2 million individuals. PurFoods, known for providing tailored home-delivered meals to individuals with chronic health conditions, filed a data breach report with the Maine Attorney General’s Office, detailing the breach’s scope and the potentially compromised data.

The breach came to the company’s attention when it identified “suspicious account behavior” on February 22nd, 2023. An immediate investigation ensued, revealing that PurFoods had fallen victim to a cyberattack between January 16th, 2023, and February 22nd, 2023. Certain files within the company’s network were encrypted by the attackers and tools for data exfiltration were found, raising concerns about a possible breach.

Third-party specialists were engaged to conduct a thorough review of the potentially impacted data, a process that concluded on July 10th, 2023. Their investigation confirmed that files containing personal and protected health information pertaining to certain individuals were among the data at risk.

The sensitive information the attackers may have accessed includes personal identifiers like names, social security numbers, state IDs, financial account numbers, payment card details (credit or debit), security codes, access codes, passwords, and patient IDs. Additionally, the breach possibly exposed medical information, health records, and individuals’ dates of birth.

The breach affected customers and both present and past employees of the company, as well as independent contractors.

Prompt action was taken to notify affected individuals, a process initiated on August 25th, 2023. According to official records, approximately 1,237,681 individuals may have been affected by this breach.

PurFoods has been diligent in its response to this incident. It promptly informed law enforcement authorities of the cyberattack and is actively working to enhance security measures. These efforts include the implementation of additional safeguards and comprehensive employee training to mitigate the risk of similar incidents in the future.

The affected individuals are encouraged to remain vigilant, monitor their financial accounts for any unusual activity, and consider taking advantage of the free credit monitoring and identity restoration services offered by PurFoods. PurFoods is also providing guidance on avoiding identity fraud within its notification letters.

This incident underscores the need for organizations across various sectors to continue to invest in cybersecurity measures and proactively protect their customers' sensitive information.