"Please know that this incident did not occur on or affect Mondelez systems or networks in any way."
It didn't need to have occurred there. The data had already left the network and been waved goodbye as it went.
Mondelez International has warned 51,000 of its past and present employees that their personal information has been stolen from a law firm hired by the Oreo and Ritz cracker giant. To be clear, the miscreants didn't infiltrate Mondelez's IT estate: they broke into Bryan Cave Leighton Paisner LLP's network. And as one of …
I once had to retain US legal counsel for a contract review. They required I give them a wodge of personal information, including SSN (sorry, don't have one, I'm not a US citizen or resident, long conversation which went 'round and 'round the mulberry tree). Chap said it was for them to check against to prevent potential conflicts-of-interest. With all the 1 .. 10-ish-solicitor, "small" legal houses, one wonders "how good" their infosystem security is, and how many of them have been specifically-targeted-and-compromised.
If personal info was copied from their systems, I suppose a victim could sue them (yeah, right, good luck with that ...).