Monsanto Sprouts Data Breach Affecting Thousands

Photo credit: 360b/
Photo credit: 360b/

Monsanto, the agricultural giant that is known for pioneering genetically modified wheat that’s resistant to Roundup weed killer, has disclosed a data breach involving the personal information of customers and employees of its Precision Planting subsidiary. 

Precision Planting provides farm equipment and services to agricultural customers. To  provide those services, it collects business-related information about the companies it serves, along with some personal information pertaining to individual business owners, employees and contractors. On March 27, Monsanto discovered that some of that information had been accessed “by an outside party.”

Interestingly, the company is saying it wasn’t a hack – even though it’s working with the FBI and a security firm on a forensics investigation.

“We believe this unauthorized access was not an attempt to steal customer information; however, it is possible that files containing personal information may have been accessed and therefore we are making this notification,” said Reuben Shelton, the company’s senior counsel, in a letter to the State of Maryland.

The exposed information included names, addresses, tax ID numbers (and possibly Social Security numbers), and some financial account information about customers. Also, the company said that some HR data was stored on the compromised servers, including some W2 tax forms that contained employee names, addresses and Social Security numbers, and, for a small number of employees, driver’s license numbers.

Shelton added that Monsanto will be sending notification letters for the affected individuals “shortly.” In Maryland there were 14 affected individuals, but the breach could be much larger given Monsanto’s international conglomerate status as the world’s largest seed company. The Precision Planting unit is based in Tremont, Ill., and has thousands of customers. Spokeswoman Christy Toedebusch told Bloomberg that around 1,300 farmer customers were affected by the breach – no word on how many individuals.

“The incident has been contained and we have partnered with a leading forensics firm to understand and remediate this issue,” Shelton said. “We are not aware of any misuse of any information from this incident, but we are notifying all of the affected individuals and providing them with free one-year membership of credit monitoring and identity theft insurance.”

What’s hot on Infosecurity Magazine?