Puma and the Risk of Third-Party Software

What happened?

The data of Puma employees was compromised in a ransomware attack. The targeted attack was part of a larger invasion of the third-party software, Kronos, used primarily for workforce management and human resources. Data stolen includes employees and their dependants’ personally identifiable information, including social security numbers.

How does this impact me?

It may not, directly. Puma wasn’t the only company impacted by the ransomware attack on Kronos. Others impacted include: “public transit workers in the New York City metro area, public service workers in Cleveland, employees of FedEx and Whole Foods, and medical workers across the country,” according to an NPR report.

This was an attack targeted at a third-party software that Puma, and many other companies, used for payroll, time management, scheduling, and other human resources tasks. It’s possible that your company uses Kronos services or another third-party business like it.

What to do next?

This is a prime example of what can happen when your workplace is compromised. It isn’t always customer information that fraudsters go after. If you can change your passwords for your internal tools at your job. If appropriate, check in with your IT team to see what safeguards your company has in place to keep your data safe. Check out our blog post on Account Takeover & You – Work Credentials Edition.