Rich Products Corporation, one of the largest privately held food companies in the United States, has disclosed a data breach after a phishing attack targeting a third-party vendor exposed sensitive personal information connected to individuals associated with the company.
The incident did not originate within Rich Products’ own systems. According to breach notifications and regulatory filings, the compromise occurred at First Advantage Corporation, a background screening and identity verification provider that works with Rich Products and processes employment-related records on its behalf.
First Advantage said it discovered the intrusion on November 17, 2025, after an attacker gained access to the email account of an employee working within its Drug & Occupational Health Screening Unit. Investigators determined that the account had been compromised around November 13 following what the company described as a sophisticated phishing attack. The threat actor reportedly downloaded the contents of the employee’s email inbox before access was terminated.
According to reports submitted to state regulators, the exposed information included highly sensitive personal data. Impacted records may contain names, Social Security numbers, driver’s license numbers, dates of birth, and other identifying information tied to individuals connected with Rich Products.
While Rich Products’ public notification referenced names and personal identifiers, additional filings submitted by First Advantage to state agencies revealed that government-issued identification information and Social Security numbers were also compromised.
The breach appears relatively limited in scale compared to some recent mass exposures, affecting roughly 200 individuals associated with Rich Products. However, the type of information exposed significantly increases the risk of identity theft, financial fraud, account takeover attempts, and targeted social engineering attacks.
Investigators said the compromised employee account was disabled after the intrusion was discovered. First Advantage also stated that additional security measures and safeguards were implemented to reduce the likelihood of similar incidents in the future.
The timeline of the incident has drawn attention. Although the breach was detected in November 2025, Rich Products reportedly was not informed until March 2026, and affected individuals began receiving notifications several weeks later.
First Advantage said it is not currently aware of confirmed misuse of the stolen information. The company is offering affected individuals complimentary credit monitoring and identity restoration services through Cyberscout, a TransUnion company.
Founded in 1945 and headquartered in Buffalo, New York, Rich Products operates in more than 100 countries and supplies bakery products, desserts, frozen foods, and foodservice solutions worldwide. The company generates billions of dollars in annual revenue and employs approximately 13,000 people globally.