The California Office of the Attorney General disclosed a data breach affecting The J.M. Smucker Company in February 2024, stemming from an incident on December 23, 2012. The breach exposed sensitive personal and financial information of an unknown number of individuals, including names, addresses, email addresses, phone numbers, credit/debit card numbers, expiration dates, and verification codes. The compromised data poses significant risks, such as identity theft, financial fraud, and unauthorized transactions, given the exposure of full payment card details. While the exact scale of the breach remains undisclosed, the inclusion of verification codes (CVVs) heightens the severity, as these are typically required for card-not-present fraud. The delay in public disclosure (over 11 years) further complicates mitigation efforts for affected individuals, leaving them vulnerable to prolonged exploitation. The breach underscores critical failures in data protection and incident response, particularly for a company handling consumer financial data. The lack of transparency regarding the number of victims and the extended timeframe before notification exacerbate reputational and legal repercussions, potentially eroding customer trust and inviting regulatory scrutiny under data protection laws.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-44253
TPRM report: https://www.rankiteo.com/company/thejmsmuckerco
"id": "the955091725",
"linkid": "thejmsmuckerco",
"type": "Breach",
"date": "12/2012",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Consumer Packaged Goods / Food & Beverage',
'location': 'United States (Ohio)',
'name': 'The J.M. Smucker Company',
'type': 'Corporation'}],
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Payment Card Information '
'(PCI)']},
'date_publicly_disclosed': '2014-02-27',
'description': 'The California Office of the Attorney General reported a data '
'breach involving The J.M. Smucker Company on February 27, '
'2014. The breach occurred on December 23, 2012, potentially '
'exposing personal information including names, addresses, '
'email addresses, phone numbers, credit and debit card '
'numbers, expiration dates, and verification codes. The number '
'of individuals affected is unknown.',
'impact': {'data_compromised': ['names',
'addresses',
'email addresses',
'phone numbers',
'credit card numbers',
'debit card numbers',
'expiration dates',
'verification codes'],
'identity_theft_risk': 'High (PII and payment data exposed)',
'payment_information_risk': 'High (credit/debit card numbers, '
'expiration dates, verification codes '
'exposed)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at The J.M. Smucker Company',
'type': 'Data Breach'}