Hackers hit Sodexo with malware attack that may have compromised users’ personal data
- The data likely compromised by the attack includes customers’ names, email addresses and home addresses.
- In the wake of the breach, Sodexo pulled Engage’s retail and perks website ‘lifestylehub[.]co[.]uk offline.
Employee benefits provider Sodexo has suffered a breach. The internal IT systems of Sodexo’s UK unit, Engage, were infected by malware. The malware attack may have compromised customers’ personal data. The data likely compromised included customers’ names, email addresses and home addresses.
According to a report by The Register, the company notified its UK enterprise users of Engage about the incident. The notification letter stated that some employees using the benefits platform had received a phishing email.
In the wake of the breach, Sodexo pulled Engage’s retail and perks website ‘lifestylehub[.]co[.]uk offline. The firm also said that forensic experts are assisting it to conduct an investigation into the attack.
“A team of CREST-approved security specialists is working with us to investigate this issue and ensuring that we are preventing any further leaks of personal information. We have found no evidence so far that any financial information has been compromised. We have informed those customers affected and continue to update them,” A Sodexo spokesperson told The Register.
During the investigation, a sophisticated malware that was undetectable by anti-virus software was identified on the company’s network. The malware leaked the users’ information without their knowledge. However, the company said that it is working on blocking future leaks and that customers’ financial data was not compromised.
It is still unclear as to how many customers were affected by the breach. The identity of the attackers is also unknown at present. Sodexo Filmology, a subsidiary of the firm, had suffered a leak in April 2018, resulting in the exposure of customers’ credit card details.