We have recently learned that Puma Sportswear was impacted by a data breach in the waning days of 2021.
It’s important to note that Puma’s networks were not attacked directly. The attack was made against Kronos which is one of the company’s North American workforce management service providers.
In a recently filed data breach notification it was disclosed that the still unidentified attackers stole a variety of personal information belonging to Puma employees and their dependents from the Kronos Private Cloud. In addition, they deployed ransomware on the Kronos network.
The investigation into the breach is ongoing but it presently appears that nearly half of Puma’s employees were impacted. Kronos sent a letter to all impacted individuals. Unfortunately, the letter was terse and contained little in the way of actionable information.
The letter states:
“On January 7, 2022, Kronos confirmed that some of your personal information was among the stolen data. We notified PUMA of this incident on January 10, 2022.”
All impacted individuals have been offered two free years of Experian IdentityWorks, which includes credit monitoring, identify theft insurance, and identity restoration.
This is the second hacking incident involving Puma in recent months. Back in August of 2021 the company’s network was breached and source code for an internal application was stolen and put up for sale on the Dark Web.
The company stressed that no customer data was compromised and that the stolen information was connected solely to the company’s employees.
This attack underscores the risks and dangers inherent in our increasingly interconnected world. A data breach on a trusted vendor’s network can impact your company in ways you never even imagined. That means no matter how much you spend on your own IT security, you may still be vulnerable if one of the vendors you rely on doesn’t take security as seriously as your firm does.
