Nestlé denies it was hacked by Anonymous, claiming it accidentally leaked data dump itself—but it will stop selling Russians Kit Kats and Nesquik

March 23, 2022, 3:11 PM UTC

Nestlé has denied claims that hacker collective Anonymous published sensitive information it stole from the Swiss food giant as punishment for doing business in Russia.

Responding to increasing consumer pressure, Nestlé said it is reducing its offering of consumer brands in Russia, including Kit Kat and Nesquik, as quickly as possible in response to Vladimir Putin’s unprovoked war of aggression against Ukraine. 

“We’re in the process of suspending the vast majority [of the group’s prewar sales volume], including pet food and coffee as well as confectionery,” the company said in a statement to Fortune, adding the decision was taken on Wednesday. “Our guiding principle is to focus on essential foods such as baby food and medical nutrition.”

Nestlé added it expected neither to make a profit nor pay any related taxes for the foreseeable future in Russia, both key demands made by critics. 

Should it indeed book any earnings, it said they would be donated to humanitarian relief organizations.

Furthermore it said it is one of the few companies keeping shelves stocked for the population in Ukraine, currently delivering 60% of its prewar volume.

The company has come under heavy criticism for doing business in Russia, with Ukrainian President Volodymyr Zelenskyy singling it out in a speech to protesters on Saturday in the Swiss capital of Bern. This came on top of earlier attacks by his ministers, which were reported by Fortune.

A closely followed list drafted by Yale University’s Jeffrey Sonnenfeld of companies still doing business in Russia ranked Nestlé in the second worst group.

Other companies including Renault, which owns Russian car brand Lada, as well as German retailer Metro and Deutsche Telekom, were ranked even lower.

Data dump

Nestlé, the world’s largest food group by market cap, also denied recent claims by Anonymous that it had successfully made off with over 10 gigabytes of data including passwords and emails.

The hacking collective said only a sample of that has been published, with information on more than 50,000 Nestlé business customers available for download.

Anonymous, which published on Sunday a list of companies it was targeting that had 48 hours to pull out of Russia, said the alleged Nestlé hack was retaliation for continuing to do business in Putin’s country.

However, according to an analysis conducted by Nestlé, the affected data had already been published last month accidentally by the company itself. 

“It relates to a case from February this year, when some randomized and predominantly publicly available test data of a [business-to-business] nature was made accessible unintentionally online for a short period of time. We quickly investigated, and no further action was deemed necessary,” it said, adding cybersecurity was one of its top priorities.

Hacking has become a familiar threat to companies, with Cybersecurity Ventures estimating in November 2020 that global economic cybercrime costs will grow from $3 trillion in 2015 to reach $10.5 trillion annually by 2025.

Typically data thefts can cause headaches but don’t often pose acute risks to business compared, for example, to more dangerous ransomware attacks, as it can sometimes take weeks to pilfer actionable information.

Nonetheless, one of the companies targeted by Anonymous—Japanese tire producer Bridgestone—chose not to take any risks. 

Its official Twitter channel reached out to Anonymous to indicate Bridgestone had already suspended activities in the country, directing the collective to a statement published six days earlier

“We expect other companies to act like you,” Anonymous responded.

Never miss a story: Follow your favorite topics and authors to get a personalized email with the journalism that matters most to you.