The brand owner of a number of well-known fast food chains recently issued data breach notices following a ransomware attack. Yum! Brands, the owner of brands including KFC, Taco Bell and Pizza Hut, gave notices to an undisclosed number of people whose personally identifiable information (PII) was stolen in a ransomware attack back in January this year. As a result of the cyberattack, the American fast-food corporation was forced to temporarily close around 300 outlets serving food and beverages in Britain.
Ransomware attack leads to data breach
The recent notification letters issued by Yum! Brands follow the US-based company stating that while some data was exfiltrated from its network during the attack, it had found no evidence that the threat operators involved stole any information belonging to individuals.
In the breach notices sent to impacted individuals, the US fast-food enterprise revised its statement. Yum! revealed that it had uncovered that the attackers behind the cybercriminal trespass stole some personal information, which included the full names, ID card numbers and driver’s licence numbers of some individuals.
The notification from Yum! Brands read:
“We are writing to provide you with information about a cybersecurity incident involving your personal information that occurred in mid-January 2023. Our review determined that the exposed files contained some of your personal information, including [Name or other personal identifier in combination with: Driver’s Licence Number or Non-Driver Identification Card Number].”
The corporation also added that the continuing investigation had found no evidence that the data stolen had been employed in any fraud or identity theft activity.
UK restaurants affected by the attack
As a direct consequence of the ransomware attack on Yum! Brands in January, the corporation had to shut down about 300 restaurants located in the UK. In a report recently filed with the U.S. Securities and Exchange Commission, the company commented:
“On January 18, 2023, we announced a ransomware attack that impacted certain IT Systems which resulted in the closure of fewer than 300 restaurants in one market for one day, temporarily disrupted certain of our affected systems and resulted in data being taken from our network.”
The report also mentioned that Yum! Brands had incurred, and will likely continue to experience, expenses related to the attack. These included the cost of responding to, remediating and investigating the incident. In the same filing, the corporation also attempted to ease the concerns of investors, stating that the ransomware attack had not resulted in a negative impact.
It added that while the security incident had caused a temporary disruption, the corporation was not aware of any other restaurant disruptions and did not anticipate that the event would have an adverse impact on its operations, business, or financial results.
Yum! Brands and its associated subsidiaries operate and franchise over 55,000 restaurants in approximately 155 territories and countries, while employing around 36,000 employees around the world.
While the corporation has come forth to explain that no customer data was stolen in the event, the breach has resulted in the exposure of PII belonging to its employees. How many individuals have been impacted by the ransomware attack has not yet been revealed.