Puma suffers hacker attack in cloud
Posted: Wed Apr 23, 2025 3:56 am
Sportswear brand Puma has suffered a data breach following a ransomware attack that hit one of its service providers in December 2021. It is estimated that hackers gained access to information from 6,632 of the company's employees, which represents almost half of the workforce, as Puma employs 14,300 people globally.
The initial attack targeted Kronos Private Cloud (KPC), a service from technology multinational Ultimate Kronos Group (UKG) that runs slovenia mobile database management and human resources applications, such as banking scheduling systems and health insurance extensions. Following the attack, Kronos launched an investigation and discovered that Puma was one of the customers impacted by the incident.
According to Kerstin Neuber, Puma's senior head of communications, no systems on the company's network were breached, nor was "any Puma customer data affected."
Personal data
According to Kronos, the company confirmed the data theft on January 7, 2022, and notified Puma on January 10. The sports brand's employee information was saved in the cloud and was encrypted by the criminals.
“Since the attack was discovered, Kronos has been conducting a comprehensive analysis of the affected environment to determine whether any individual’s personal information was subject to unauthorized access or acquisition,” the company said.
Kronos also said it has taken necessary steps to prevent similar incidents by strengthening the security of its IT systems and implementing more scanning and monitoring capabilities.
The attack was confirmed by Puma's head of corporate communications, Robert-Jan Bartunek, who said the data stolen by the ransomware included employees' social security numbers. As a precaution, those affected by the data breach will receive a two-year free membership to Experian IdentityWorks, a software that includes credit monitoring, identity restoration and identity theft insurance.
In August last year, hackers stole the source code for an internal Puma application and put it up for sale on data breach portal Marketo.
The initial attack targeted Kronos Private Cloud (KPC), a service from technology multinational Ultimate Kronos Group (UKG) that runs slovenia mobile database management and human resources applications, such as banking scheduling systems and health insurance extensions. Following the attack, Kronos launched an investigation and discovered that Puma was one of the customers impacted by the incident.
According to Kerstin Neuber, Puma's senior head of communications, no systems on the company's network were breached, nor was "any Puma customer data affected."
Personal data
According to Kronos, the company confirmed the data theft on January 7, 2022, and notified Puma on January 10. The sports brand's employee information was saved in the cloud and was encrypted by the criminals.
“Since the attack was discovered, Kronos has been conducting a comprehensive analysis of the affected environment to determine whether any individual’s personal information was subject to unauthorized access or acquisition,” the company said.
Kronos also said it has taken necessary steps to prevent similar incidents by strengthening the security of its IT systems and implementing more scanning and monitoring capabilities.
The attack was confirmed by Puma's head of corporate communications, Robert-Jan Bartunek, who said the data stolen by the ransomware included employees' social security numbers. As a precaution, those affected by the data breach will receive a two-year free membership to Experian IdentityWorks, a software that includes credit monitoring, identity restoration and identity theft insurance.
In August last year, hackers stole the source code for an internal Puma application and put it up for sale on data breach portal Marketo.