Many Yum! Brands, the company that holds the KFC, Pizza Hut, and Taco Bell fast food chains, has started sending data breach warning letters to consumers whose personal data was stolen in a ransomware attack on January 13. The company has said that although some data had been stolen from its network, it had no proof that attackers had taken client information.
In the breach notification letters sent to impacted consumers, Yum! Brands disclosed that it has now discovered the attackers obtained certain individuals’ data, including names, driver’s license numbers, and some ID card numbers. The business also stated there was no proof of identity theft or fraud involving the stolen data.
“We are writing to provide you with information about a cybersecurity incident involving your personal information that occurred in mid-January 2023,” said Yum! Brands. “Our review determined that the exposed files contained some of your personal information, including [Name or other personal identifier in combination with: Driver’s License Number or Non-Driver Identification Card Number].”
Around 300 restaurants are owned by Yum! Brands had to close in the United Kingdom due to the January ransomware assault. The company stated in its 2022 annual report filed with the U.S. SEC (Securities and Exchange Commission) on Friday that on January 18, 2023, it announced a ransomware attack affecting certain IT Systems and causing the closure of nearly 300 restaurants in a market for one day, temporarily disrupted some of their affected systems, and resulted in data being taken from their network.
“We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter.”
Investors were also given reassurance by Yum! Brands in a January filing with the U.S. Securities and Exchange Commission. Although this incident briefly disrupted business, the company is unaware of any other restaurant interruptions and does not anticipate this occurrence to have a materially adverse impact on its operations, business, or financial results, according to its SEC report. Yum! With the assistance of almost 36,000 workers globally, Brands and its subsidiaries run or franchise over 55,000 restaurants in 155 countries and territories.
According to a Yum! Brands spokesperson, there is no proof that the data breach impacted the company’s customers. During the forensic analysis and investigation, the organization discovered that the January 2023 cybersecurity breach exposed certain employees’ personal data. The business has not yet revealed how many employees’ data was compromised by the ransomware assault.