Cyber Incident Victim: Sodexo
Date:
Apr 2018
Location:
United Kingdom
Summary
A targeted cyberattack compromised the cinema benefits platform operated by Sodexo, exposing payment card details of UK employees using the service. The breach occurred over a period of several months, with unauthorized access to the payment page leading to fraudulent transactions. The company took the platform offline to mitigate risks, notified relevant authorities, and engaged forensic specialists. Affected users were advised to cancel their credit cards and monitor statements for suspicious activity. The incident impacted individuals who had utilized the platform during the attack window, with stolen financial data exploited by threat actors prior to detection.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Sodexo Filmology data breach occurred between March 19 and April 3, 2018, affecting a UK-based cinema benefits platform operated by Sodexo, a multinational food services and facilities management company. Filmology provided discounted cinema tickets as employee rewards. Sodexo identified a targeted attack on the system hosting its Cinema Benefits platform, prompting immediate takedown of the website to eliminate further risks to consumer data. Forensic evidence and user reports indicated the breach had been active for approximately two months prior to its April disclosure, with fraudulent activities linked to compromised accounts observed as early as February 2018. Users reported unauthorized transactions on financial forums during this period, with one individual confirming direct communication with Filmology about stolen bank details from the payment page.
Sodexo formally notified affected customers on April 9, 2018, advising all users who accessed the platform between March 19 and April 3 to cancel their payment cards and monitor statements for suspicious activity. The company reported the incident to the UK Information Commissioner’s Office (ICO) and engaged a CREST-approved forensic investigation team to analyze the breach. Sodexo acknowledged implementing prior preventative security measures but confirmed attackers circumvented these defenses. The company apologized for the inconvenience, suspended the platform indefinitely, and committed to restoring benefit access through alternative methods while promising further updates to impacted users and their employers. Financial fraud risks to employees and operational disruption to the Filmology service constituted the primary impacts.