KFC, Pizza Hut, and Taco Bell fast food chains disclosed a data breach. The attack resulted in an unanticipated data breach leading to the notification of undisclosed affected persons about stolen information and possible future identity theft. The initial report did not confirm customer information loss.
Still, the notification letter sent to affected people on Thursday highlighted the situation, confirming stolen personal data such as driver’s licenses and other ID card numbers. According to a report by Yum Brands, the owner of KFC, Taco Bell and Pizza Hut
“We are writing to provide you with information about a cybersecurity incident involving your personal information that occurred in mid-January 2023. Our review determined that the exposed files contained some of your personal information, including Name or other personal identifiers in combination with Driver’s License Number or Non-Driver Identification Card Number.”
To avoid further panic, the company briefed the customers and the public about an investigation into the situation. It confirmed that no identity theft has resulted from the leaked information yet.
Despite the control over the situation, Yum! Brands shut down about 300 restaurants in the United Kingdom. The company’s annual report filed with the U.S Securities and Exchange Commission (SEC) confirmed it when it stated;
“On 18th January 2023, we announced a ransomware attack that impacted certain IT Systems which resulted in the closure of fewer than 300 restaurants in one market for one day, temporarily disrupted certain of our affected systems, and resulted in data being taken from our network.”
Although Yum! Brand assured all investors the ransomware attack would not cause any negative financial impact; the brand also confirmed incurring some expenses and the probability of incurring more due to the need for investigation and remediating the situation.
Another piece of information from the SEC report reads;
“While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results.”
Another statement by the brand’s spokesperson assuring no customer’s information got into the wrong hands due to the attack followed the above words. It reads;
“In the course of our forensic review and investigation, we identified some personal information belonging to employees was exposed during the January 2023 cybersecurity incident.” The next statement confirmed no record of customers getting affected.
“We are in the process of sending individual notifications and are offering complimentary monitoring and protection services. We have no indication that customer information was impacted.”
Despite all that happened, the brand has also expressed its commitment to providing quality services.
