Sysco, the world’s leading food service company, experienced a data breach in 2023 that exposed customer and employee data, leading to a class action lawsuit. The breach resulted in victims spending significant time and money on identity theft and fraud protection, with an increased risk of future fraud. Plaintiffs alleged Sysco’s inadequate cybersecurity measures failed to prevent the incident. While Sysco denied wrongdoing, it agreed to a **$2.3 million settlement**, offering eligible U.S. residents (who received breach notices in May 2023) up to **$5,000** for documented losses, credit monitoring, and residual cash payments. The breach’s consequences included financial burdens, reputational damage, and long-term vulnerability for affected individuals, with claims requiring proof of expenses and a valid class member ID by the September 8, 2025 deadline.
Source: https://www.ecoportal.net/en/final-days-to-claim-up-to-5000/12447/
TPRM report: https://www.rankiteo.com/company/sysco
"id": "sys5792657090725",
"linkid": "sysco",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Food Service Distribution',
'location': 'Global (HQ in Houston, Texas, USA)',
'name': 'Sysco',
'size': 'Large (leading global food service company)',
'type': 'Corporation'}],
'customer_advisories': 'Eligible U.S. residents who received a breach notice '
'in May 2023 can file claims for compensation (up to '
'$5,000 for out-of-pocket losses, residual cash '
'payments, and credit monitoring services). Claims '
'must include proof of expenses and a class member ID.',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (risk of identity theft and '
'fraud)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2023-05',
'description': 'Sysco, the leading global food service company, experienced a '
'data breach in 2023 that exposed customer data, leading to a '
'class action lawsuit. Plaintiffs alleged that Sysco failed to '
'implement adequate cybersecurity measures, resulting in '
'increased risk of identity theft and fraud. The company '
'agreed to a $2.3 million settlement, offering compensation of '
'up to $5,000 for out-of-pocket losses, residual cash '
'payments, and credit monitoring services to affected '
'individuals.',
'impact': {'brand_reputation_impact': True,
'customer_complaints': True,
'data_compromised': True,
'financial_loss': '$2.3 million (settlement amount)',
'identity_theft_risk': True,
'legal_liabilities': True},
'investigation_status': 'Settled (final approval hearing scheduled for '
'October 9, 2025)',
'post_incident_analysis': {'corrective_actions': '$2.3 million settlement, '
'including compensation for '
'affected individuals and '
'credit monitoring services',
'root_causes': 'Alleged inadequate cybersecurity '
'measures by Sysco'},
'references': [{'source': 'Top Class Actions'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit settled for '
'$2.3 million'},
'response': {'communication_strategy': 'Notice sent to affected individuals '
'in May 2023; settlement claims '
'process established with deadline of '
'September 8, 2025.'},
'stakeholder_advisories': 'Notice sent to affected individuals in May 2023; '
'settlement claims process communicated with '
'deadline of September 8, 2025.',
'title': 'Sysco Data Breach (2023)',
'type': 'Data Breach'}