Monsanto Data Breach Hits 1,300 Individuals

Monsanto is not exactly the darling of the biotech world, so it's eminently possible that people will take its recent data breach as a good thing. An unknown assailant or assailants hacked into the client database of Monsanto subsidiary Precision Planting, potentially compromising 1,300 accounts that include names, addresses and — much worse — tax IDs, Social Security numbers and financial information.

Security expert Graham Cluley covered the issue on his blog, where he explained that Precision Planting came clean about its data breach, which occurred prior to March 27. The hacker behind the breach gained access to names and addresses of 1,300 employees and workers of Precision Planting clients, and possibly those of Precision Planting employees as well.

In some cases, the hacker was able to access Social Security numbers and financial information, including tax forms and employer tax ID numbers. Social Security numbers, when paired with names, are the Holy Grail for identity thieves, who can use the data to open bank accounts and collect tax refunds in other people's names.

The most curious aspect of the data breach is that the intruder does not seem to have done anything with this information, nor did he or she appear to be attempting to steal it in the first place. A letter to the Maryland attorney general from Precision Planting suggested that the breach was not intended for financial gain or identity theft.

What the hacker may have wanted is something of a mystery, although Monsanto has enough detractors that one of them may have simply wanted to make a point. The agricultural giant has come under fire over the last few years for potentially damaging practices and false advertising about the safety of its foods and pesticides.

A data breach in Monsanto's servers could give a hacker access to sensitive information about the company itself, with employee information coming along as collateral.

Whatever the impetus for the breach, the 1,300 affected employees are potentially in grave financial danger. Monsanto has provided each of them with a year-long subscription to identity-theft protection services to make sure, but anyone who has learned he or she is affected by the Monsanto breach should contact Equifax, Experian or TransUnion now to place a credit alert.

Monsanto Subsidiary Hacked

An undisclosed number of Precision Planting customers' and employees' personal information may have been accessed.

Precision Planting, a wholly owned subsidiary of Monsanto, recently began notifying an undisclosed number of customers and employees that their personal information may have been exposed when its systems were hacked.

The breach was discovered on March 27, 2014. Data on the affected servers included customers' names, addresses, tax identification numbers (which in some cases were Social Security numbers), and (in some cases) financial information. The servers also held some HR data, including employee W-2 forms that contained names, addresses, Social Security numbers, and (in some cases) driver's license numbers.

"We believe this unauthorized access was not an attempt to steal customer information; however, because it is possible that files containing your personal information may have been accessed, we wanted to make you aware of the incident as soon as possible," Precision Planting Commercial Lead John Larkin wrote in the notification letter [PDF]. "We have partnered with a leading forensics firm to understand and remediate this issue and also are working with the authorities."

All those affected are being offered one free year of membership in Experian's ProtectMyID Alert service. Affected businesses are also being offered one free year of membership in Experian's Business Credit Advantage service.

Customers and employees with questions are advised to contact (866) 926-9801.