Amalgamated Sugar suffers cyber security breach; 2,858 workers' personal info stolen

Posted at 11:01 AM, Feb 24, 2017

Management officials of The Amalgamated Sugar Company, LLC distributed letters to its employees Thursday, notifying them that the company suffered “a data breach that has resulted in the disclosure of employee personal information to an unauthorized person outside of the business.”

The company is headquartered in Boise and has factories in Nampa and the Mini-Cassia area, a research facility in Twin Falls, a warehouse in Nyssa, Oregon, and a marketing office in Savannah, Georgia. It is the nation’s second-largest company manufacturing sugar from sugar beets, according to its website.

“2,858 employees are affected by this breach,” said company spokesperson Emily Baker. “This includes all current employees at all of our facilities, as well as any employee who worked for the company in 2016. Anyone who was hired by the company this year (2017) is not impacted.”

The letter, obtained by Idaho On Your Side, explained, “The breach was triggered through an e-mail scam known as a spear-phishing attack. Someone posing as our CEO and mimicking his company e-mail address sent an e-mail to a corporate office employee requesting copies of our employees’ W-2s. Believing that this request was legitimate, a member of our staff replied to the forged e-mail with copies of all 2016 W-2s for all Amalgamated, ARi and NSM employees.” ARi is the research facility in Twin Falls; NSM is the National Sugar Marketing Group, based in Savannah.

In the letter to employees, Scott Blickenstaff, General Counsel for the Snake River Sugar Company/The Amalgamated Sugar Company, LLC, stated that officials are in the process of investigating the incident and are working with law enforcement to determine the scope of the breach. “We take privacy and security of our employees’ information seriously and, as part of our response, we are purchasing (a) credit monitoring service … for all affected employees, and compiling information on other ways to protect personal information.”

Blickenstaff said the company will be communicating more information to its employees within the next several days.

He instructed employees to place a fraud alert on their credit files and notify credit bureaus, so creditors will contact them before opening any new accounts or changing their existing accounts. He also recommended employees check their credit reports periodically, looking for any suspicious activity. “Thieves may hold stolen information to use at different times,” he stated.

Blickenstaff also told employees to report any suspicious credit activity to law enforcement agencies, their banks, credit card providers or other financial institutions.

“We greatly regret this breach has occurred,” he stated.