After a ransomware attack on Kronos, one of Puma’s North American labor-management service providers, the sportswear company suffered a data leak in December 2021. According to a data breach notification filed with the offices of numerous attorneys general, the attackers also obtained personal information belonging to Puma workers and their dependents from the Kronos Private Cloud (KPC) environment before encrypting it.
Kronos describes KPC as secure storage shielded from attacks by firewalls, encrypted transmissions, and multi-factor authentication. Enterprise Archive, Workforce Central, Workforce TeleStaff, TeleTime IP, Extensions for Healthcare (EHC), and FMSI environments are all hosted on this server.
“Since the attack was discovered, Kronos has been conducting a comprehensive review of the impacted environment to determine whether any individual’s personal information was subject to unauthorized access or acquisition,” according to letters sent to impacted individuals. “On January 7, 2022, Kronos confirmed that some of your personal information was among the stolen data. We notified PUMA of this incident on January 10, 2022.”
While the breach notice does not specify how many Puma workers’ personal information was compromised during the incident, the evidence submitted to the Maine Attorney General’s Office suggests that the ransomware attackers had access to data belonging to 6,632 people. Puma also revealed in its filing with the same office that Social Security numbers were taken during the Kronos ransomware attack.
Experian IdentityWorks membership, which includes credit monitoring, identity restoration, and identity theft insurance, was provided free for two years to anybody affected by the data leak.
In August, hackers stole source code for an internal Puma app and sold it on the Marketo data leak portal. Robert-Jan Bartunek, Puma’s corporate communications head, acknowledged the attack.