KFC owner suffers data breach following ransomware attack

Note: This article was updated on April 12, 2023, to reflect the fact that employee data, not customer data, was accessed during the cyber attack against Yum! Brands

US fast-food corporation Yum! Brands, which owns franchises including KFC, Pizza Hut and Taco Bell, has suffered a data breach following a ransomware attack.

The cyber attack, which took place on January 18, 2023, involved a malicious actor gaining unauthorized access to Yum! Brands’ network. The ransomware attack resulted in approximately 300 restaurants within the UK being temporarily shut down due to the IT systems affected by the attack.

Once discovered, Yum! Brands said the attack “took steps to lockdown impacted systems, notified federal law enforcement authorities, worked with leading digital forensics and restoration teams to investigate and recover from the incident and deployed enhanced 24/7 detection and monitoring technology”.  

After the incident was contained, the fast-food corporation initiated an investigation into the attack to see if any personal data had been stolen. It determined that the files accessed by the malicious actor during the attack contained private employee data.

The data stolen in the breach includes the names and ID card numbers of some employees including driver license numbers. In a notice of the breach sent to those affected, Yum! Brands said there was “no evidence of identity theft or fraud” being committed with the stolen data.

A Yum! Brands spokesperson said to Cyber Security Hub: “In the course of our forensic review and investigation, we identified some personal information belonging to employees was exposed during the January 2023 cyber security incident. We are in the process of sending individual notifications and are offering complimentary monitoring and protection services. We have no indication that customer information was impacted.”

In a report filed with the US Securities and Exchange Commission regarding the attack, Yum! Brands said that it had “incurred, and may continue to incur, certain expenses related to this attack including expenses to respond to, remediate and investigate this matter”. The organization said it “does not expect this event to have a material adverse impact on its business, operations or financial results”. 

Leave a Reply

Your email address will not be published. Required fields are marked *