The ransomware attack against Kronos systems last year is now affecting one of its biggest clients – Puma, through a data breach.
As per a notification shared earlier this month, it’s known that senstive data belonging to some Puma employees was stolen. Kronos in this case announced offering free credit monitoring and identity insurance services for safeguarding victims after the breach.
Puma Data Stolen
Puma, one of the largest sportswear brands is, unfortunately, a customer of Kronos, a workforce service management service provider. Kronos was subject to a ransomware attack in December last year, where hackers had stolen some of the unauthorized information stored in Kronos Private Cloud.
Kronos says its Private Cloud (KPC) contains data regarding Workforce Central, Workforce TeleStaff, Enterprise Archive, TeleTime IP, Extensions for Healthcare (EHC), and FMSI environments, and is secured through firewalls, multi-factor authentication, and encrypted transmissions for protection.
Hackers accessed this cloud environment of Kronos and stole data before encrypting it. After a thorough investigation, Kronos has filed reports with several attorneys general, disclosing the findings. In its statement, Kronos stated that senstive data belonging to some of its clients were stolen, including that of Puma.
While it didn’t specifically mention how many people were affected in the public breach notification, Kronos said of PII of about 6,632 individuals were impacted, in filing with the Maine Attorney General. Stolen data includes the Social Security Numbers to employees.
It’s expected that over half of the impacted would be of Puma’s, and are eligible to get two years of free Experian IdentityWorks membership. This includes credit monitoring, identify restoration, and identity theft insurance.
While this is an indirect attack affecting Puma, the company had suffered a data breach in August last year, where hackers stole the source code of Puma’s internal application, which was later being sold in data leak portals.