“Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data. In an internal memo sent to employees on May 3rd and seen by BleepingComputer, the company revealed that customer and supplier data in the U.S. and Canada, as well as personal information belonging to U.S. employees, may have been impacted in the incident.”
Sysco stated it become aware of the attack on March 5, 2023 and believes that actors launched their operation on January 14, 2023, where they were able to gain access to some of the company’s systems without authorization. Based on further investigation, the company noted that the attackers extracted certain company data relating to the operation of business, customers, employees, and personal data.
The employee data allegedly stolen from the compromised systems contains a combination of personal information provided to Sysco for payroll purposes, including employee names, social security numbers, account numbers, etc.
Sysco currently employees more than 71,000 employees and operates 333 distribution facilities worldwide and services 700,000 customer locations, including restaurants, healthcare, and educational facilities. In its 10-Q quarterly report filed with the U.S Securities and Exchange Commission on May 2nd, the company confirmed the breach, stating that the investigation is ongoing and that it has begun the process of preparing to comply with the commission’s obligations. Furthermore, Sysco noted that the attack has no impact to the company’s business operations, as no customer services have been interrupted.
Sysco stated it has notified the impacted individuals and that there is no ongoing threat to its network. The company’s security team has further implemented additional safeguards to prevent a similar breach from occurring in the future.