Food distribution giant Sysco warns of data breach after cyberattack

Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data.

In an internal memo sent to employees on May 3rd and seen by BleepingComputer, the company revealed that customer and supplier data in the U.S. and Canada, as well as personal information belonging to U.S. employees, may have been impacted in the incident.

“On March 5, 2023, Sysco became aware of a cybersecurity event perpetrated by a threat actor believed to have begun on January 14, 2023, in which the threat actor gained access to our systems without authorization and claimed to have acquired certain data,” Sysco added in data breach notification letters sent to some of the affected individuals.

Sysco also confirmed the security breach in a filed with the U.S. Securities and Exchange Commission one week ago, on May 2nd.

“The investigation determined that the threat actor extracted certain company data, including data relating to operation of the business, customers, employees and personal data,” the company said.

“The investigation is ongoing, and Sysco has begun the process of preparing to comply with its obligations with respect to the extracted data.”

The company believes the employees’ data stolen from its systems during the breach is a combination of the following: personal information provided to Sysco for payroll purposes, including name, social security number, account numbers, or similar info.

Sysco also hired a cybersecurity firm to help investigate the incident and notified federal law enforcement of the cyberattack.

Sysco: No impact on customer service and business operations

The incident has not impacted its business operations, and customer service has not been interrupted, according to the 10-Q SEC filing.

Sysco also told affected individuals that there is no ongoing threat to its network and that its security team implemented additional safeguards to prevent a similar breach from occurring in the future.

With more than 71,000 employees, Sysco operates 333 distribution facilities worldwide and services around 700,000 customer locations, including restaurants, healthcare, and educational facilities.

According to its website, Sysco generated over $68 billion in sales for the fiscal year 2022, which ended July 2, 2022.

A Sysco spokesperson was unavailable for comment when contacted by BleepingComputer earlier today.