Data Breach Notifications

Entity Information

  • Type of Organization: Other Commercial
  • Entity Name: Smithfield Specialty Foods Group LLC (“Smithfield” or the “Company”)
  • Street Address: 200 Commerce Street
  • City: Smithfield
  • State, or Country if outside the US: VA
  • Zip Code: 23430

Submitted By

  • Name: Lisa J. Sotto
  • Title: Partner
  • Firm name (if different than entity): Hunton Andrews Kurth LLP
  • Telephone Number: 212-309-1223
  • Email Address: lsotto@huntonak.com
  • Relationship to entity whose information was compromised: Outside legal counsel

Breach Information

  • Total number of persons affected (including residents): 22103
  • Total number of Maine residents affected: 163
  • If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified:
  • Date(s) Breach Occured: 11/24/2021-12/14/2022
  • Date Breach Discovered: 06/07/2023
  • Description of the Breach:
    • Other, External system breach (hacking)
    • If other, please specify: Smithfield was informed by its third-party website hosting provider, Commercev3, Inc. (“CV3”), that a security incident occurred on CV3’s systems. This issue occurred on CV3’s systems and did not affect Smithfield’s own systems. CV3 is the third-party website hosting provider that hosts the Company’s smithfieldmarketplace.com and thepeanutshop.com websites. CV3 informed Smithfield on June 7, 2023 that an unauthorized party obtained certain information about Smithfield customers who made purchases on smithfieldmarketplace.com and thepeanutshop.com between November 24, 2021 and December 14, 2022, including names, billing addresses, email addresses, and payment card information (including card numbers, expiration dates, and security codes). Promptly upon becoming aware of this issue, Smithfield took steps to evaluate its nature and scope and suspended this aspect of the third-party web hosting service. Smithfield is working with CV3 to address this issue. CV3 indicated it engaged a cybersecurity firm to support its investigation and notified the payment card brands about this issue. CV3 also indicated to Smithfield that it notified law enforcement about this incident and implemented additional security measures on CV3’s systems. Smithfield has arranged to provide the affected individuals with one year of credit monitoring and identity protection services at no cost to them.
  • Information Acquired - Name or other personal identifier in combination with: Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account)

Notification and Protection Services

  • Type of Notification: Written
  • Date(s) of consumer notification: 06/29/2023
  • Copy of notice to affected Maine residents: Smithfield Specialty Foods Group LLC Individual Notice.pdf
  • Date of any previous (within 12 months) breach notifications: N/A
  • Were identity theft protection services offered: Yes
  • If yes, please provide the duration, the provider of the service and a brief description of the service: Smithfield has arranged to offer 12 months of complimentary credit monitoring and identity protection services to affected individuals.