B&G Foods attacked by Daixin Team; files leaked

B&G Foods describes itself as a “multibillion dollar company with more than 50 brands and one purpose: Delicious food from our family to yours.” Some of the California firm’s brands are Crisco, Green Giant, Cinnamon Toast Crunch, Cream of Wheat, and Vermont Maid Syrup. But a recent cyberattack by Daixin Team has allegedly resulted in the encryption of an estimated 1,000 hosts and the exfiltration of files that have now been leaked on Daixin’s dark web leak site.

Listing on Daixin leak site adds B&G Foods. Daixin's leak includes "STOLEN DATA INCLUDES:Internal documents and databases dump" — *Daixin’s leak site listing claims internal documents and databases exfiltrated from B&G.*

A spokesperson for Daixin informs DataBreaches that B&G was locked on February 4. On inquiry, Daixin’s spokesperson wasn’t sure whether they had encrypted all backups and stated that the firm could have recovered. When asked how they had contacted B&G and whether B&G ever responded, Daixin told DataBreaches that they had left notes on the local network and sent several communications, but B&G did not appear in the chat to respond or try to negotiate.

“Maybe they don’t care about the leak, and like to restore systems the hard way,” the spokesperson added.

Inspecting the leaked files confirmed one of Daixin’s statements to DataBreaches that this wasn’t one of their more significant attacks. The leaked data does include internal company documents. However, the entire dump does not appear to have more serious or confidential corporate files, personnel files, or contractor files.

Some personnel-related files concern employee benefits, while others reveal employees’ birthdays (month and day, but not year) and cellphone numbers. Other files concerned employee benefits.

Some files, however, included sensitive employee data, as the two files below illustrate. The first is a portion of a letter sent to two healthcare professionals asking for their assessment as to whether a named employee was fit for work in light of their job duties, medical condition (severe sleep apnea), and prescribed medication.

Letter to doctor asking for fitness to work evaluation for named employee who suffers from severe sleep apnea and is on a named medication. — *Request for a fitness-to-work evaluation for a named employee. The letter indicated his medical issues and prescribed medication. Redacted by DataBreaches.net*

The second image (below) is the top portion of the first page of a confidential investigation after an incident in which a named contractor was found unconscious on a job site from what appears to have been drug abuse or overdose.

Top portion of a confidential investigative file on an incident involving a contractor found unconscious from drug use. — *The top portion of a confidential and privileged report on a contractor found unresponsive on a job site. Redacted by DataBreaches.net. B&G purchased Smuckers in 2020.*

As a multibillion-dollar company, B&G could afford to pay a ransom, and their incident response is likely more attributable to a refusal to be extorted than an inability to pay. But how will they compensate employees whose personal and sensitive details have now been leaked for everyone to read?

DataBreaches sent an email inquiry to B&G yesterday asking whether the encryption had interfered with any of B&G’s functions and whether B&G could decrypt any locked files without Daixin’s decryptor or if they were able to restore from a backup. They did not reply.

This post will be updated if more information is received.