The Kronos Private Cloud (KPC), which caters to several companies, recently fell victim to a ransomware threat. Following the Kronos ransomware attacks, many organizations faced the backlash. The Puma data breach was one such incident, and it resulted in the data of almost half of Puma employees to be compromised.
Specifics of the Puma Data Breach
Puma became aware that its data had been breached when notifications were filed with various Attorney Generals’ offices earlier in February. It was actually Kronos – still fighting the ransomware mess – who was alerting victims of the data breaches through written letters. One such letter was delivered to Puma as well, and explained that personal information of Puma employees had been stolen.
However, the letter didn’t make clear the true extent of the Puma data breach. Puma got to know the shocking true numbers from the Office of the Main Attorney General. In fact, 6,632 Puma employees were at stake!
Among the stolen information was the Social Security Number of the employees. All the transactional service data between Puma and Kronos was also compromised. Soon, Kerstin Neuber. Senior Head of Communications at Puma confirmed publicly that Puma had indeed been impacted by the Kronos ransomware attack.
It is now a confirmed fact that the Puma data breach occurred solely within Kronos systems, in the Kronos Private Cloud (KPC) to be specific.
To handle this particular ransomware attack and mitigate its damage, and also to be better prepared for the future, Kronos has brought in a dedicated team of cybersecurity professionals. It has very honestly communicated with all the impacted customers as well, and also talked to the authorities.
At the Puma side of things, Puma itself is engaged in a rapid mitigation strategy. In compensation, affected employees were also offered 2 years of free Experian IdentityWorks subscriptions, which give them access to services like credit monitoring, identity restoration, and identity theft insurance.
While the occurrence of the Kronos ransomware attack and the consequent Puma data breach was lamentable, their responses show presence of mind and an attitude to fix what was wronged. This is often a critical component to springing back from a security breach, and is a much more productive response than panic.