Cyber Incident Victim: Sodexo Motivation Solutions

In October 2018, Sodexo Motivation Solutions UK Ltd, a division of Sodexo specializing in employee benefits and engagement services, experienced a malware attack compromising its internal IT systems. The breach exposed personal information including names, email addresses, and home addresses of individuals. Sodexo Engage, operating the lifestylehub.co.uk platform for retail discounts and employee perks, took the website offline as a precaution after users reported receiving phishing emails, though investigators found no direct evidence linking the malware to this platform. The company engaged CREST-approved cybersecurity specialists to contain the breach, prevent further data leaks, and investigate the incident. Sodexo notified affected customers but declined to disclose the number of impacted individuals or technical details about the undetected malware, which evaded leading antivirus solutions. Internal assessments confirmed no compromise of financial data during the breach.

The UK Information Commissioner’s Office acknowledged awareness of the incident and initiated enquiries. Sodexo maintained that its Filmology platform—a separate entity breached earlier in April 2018, exposing credit card details—operated on entirely distinct infrastructure unrelated to the Motivation Solutions systems. Lifestylehub.co.uk remained offline during The Register’s reporting on October 10, with no public restoration timeline provided. The company continued updating affected customers while emphasizing operational separation between its business units to mitigate reputational cross-contamination from prior incidents. Service disruptions prompted public inquiries from users, including social media complaints about the prolonged website unavailability.