Sysco Corp. has notified more than 126,000 individuals that their personal information was compromised in a recent cyberattack, according to a press release.
The company initially disclosed the incident in early May in a Form 10-Q filing with the Securities and Exchange Commission but said the attackers likely had unauthorized access to its systems starting Jan. 14, 2023.
During that time frame, the company said, the attackers stole company data related to “operation of the business, customers, employees and personal data.”
The company is informing current and former employees that personal information such as names, Social Security numbers, account numbers and other information provided for payroll purposes might have been compromised in the data breach.
The letter to impacted employees says, “the threat actor gained access to our systems without authorization and claimed to have acquired certain data.” This suggests that it may have been a ransomware attack.
According to Sysco, the attack had no impact on its operational systems and related business functions and did not result in service interruptions.