Sensitive Employee Data Compromised in Mondelez Global Breach Through Law Firm Bryan Cave Leighton Paisner

• Mondelez Global LLC announced a data breach affecting 51,110 individuals, with compromised information including social security numbers, names, addresses, and retirement plan details, resulting from unauthorized access to the systems of law firm Bryan Cave Leighton Paisner LLP.
• Mondelez is actively responding to the breach by offering credit monitoring services to potentially affected individuals and emphasizes the importance of vigilance in monitoring account statements and credit reports.

Mondelez Global LLC, a prominent commercial entity based in Chicago, Illinois, has announced a major data breach affecting 51,110 individuals. The breach involved the unauthorized access and acquisition of personal data, including social security numbers and other identifiers.

The breach occurred between February 23 and March 1, 2023, but was not discovered until May 22, 2023. The compromised data includes social security numbers, names, addresses, dates of birth, marital status, gender, employee identification numbers, and Mondelez retirement and/or thrift plan information. Financial information such as credit card numbers was not involved in the breach.

Mondelez retained the legal services of the law firm Bryan Cave Leighton Paisner LLP (“Bryan Cave”) for advisory on customary legal matters. To provide these services, Bryan Cave obtained personal information of current and former Mondelez employees. Bryan Cave detected unauthorized access to its systems, including customer files storage, on February 27, 2023, and initiated an investigation with the assistance of an outside cybersecurity forensics firm. They also notified law enforcement.

According to a statement from Chelsea Rissmiller, an attorney from DLA Piper LLP representing Mondelez, the law firm informed Mondelez of the unauthorized access on March 24, 2023. Mondelez conducted a thorough review of the impacted data to identify all affected individuals. The incident did not occur on or affect Mondelez’s systems or networks.

Mondelez is taking this breach very seriously. In a notification letter, the company stated, “While we are unaware of any attempted or actual misuse of your information, we are providing you with information about the event, our response, and steps you can take to protect your personal information. Mondelez takes this incident and the security of your personal information very seriously, and we sincerely regret any concern or issue this incident may cause.”

As a response, Mondelez is providing notice and offering credit monitoring services to individuals based on the personal information that was potentially impacted. Bryan Cave has taken steps to address the incident and prevent a similar occurrence in the future.

For individuals concerned about the breach, Mondelez recommends staying vigilant by reviewing account statements and monitoring credit reports. If there are any discrepancies or suspicious activities, it is crucial to act promptly.

Individuals who believe they might be affected by this data breach are encouraged to contact Mondelez Global LLC at 905 West Fulton Market, Suite 200, Chicago, Illinois, 60607 for more information.

The incident at Mondelez Global LLC highlights a growing concern in the cybersecurity landscape: the risk of data breaches through third-party entities, particularly law firms. Law firms are often repositories of sensitive information for various clients, making them lucrative targets for hackers and cybercriminals. Given the nature of the legal profession, law firms must handle large amounts of confidential data ranging from financial records to personal identifiable information. However, not all law firms have robust cybersecurity measures in place, and even those that do may still be vulnerable to sophisticated attacks. When a company entrusts sensitive data to a third-party such as a law firm, it inherently exposes itself to the cybersecurity practices and potential vulnerabilities of that third-party. This underscores the need for businesses to diligently vet the cybersecurity protocols of their third-party partners and encourage the adoption of best practices in data protection and security. Furthermore, this incident serves as a wake-up call for law firms to continuously invest in strengthening their cybersecurity infrastructure to safeguard their clients’ data and maintain trust.