A leading US fast food company has been sending out breach notification letters to individuals impacted by a ransomware incident that occurred in January.
Yum Brands – which owns KFC, Taco Bell and Pizza Hut – suffered a ransomware breach on around January 13. According to an SEC filing a few days later, it was forced to close 300 outlets in the UK for a day as a result.
“Although data was taken from the company’s network and an investigation is ongoing, at this stage, there is no evidence that customer databases were stolen,” it said at the time.
Now a new breach notification letter dated April 6 is being sent out to an unidentified number of individuals, believed to be Yum Brands employees.
Read more on ransomware: Food Shortages at Dutch Supermarkets After Ransomware Outage.
While the firm maintains it has seen “no evidence of identity theft or fraud” involving the breached information, it is providing complimentary credit monitoring and identity protection for two years to those affected.
“As a matter of general precaution, it is always good practice to be vigilant against identity theft and fraud by reviewing your account statements and monitoring any available credit reports for unauthorized or suspicious activity, and by taking care in response to any email, telephone or other contacts that ask for personal or sensitive information (e.g., phishing),” it advised.
“Yum will never request sensitive information by phone or email.”
The fast-food giant says it and its subsidiaries employ around 36,000 people worldwide including 23,000 in the US. It runs around 54,000 franchise restaurants across the globe.
“We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter,” the firm said in its 2022 annual report.
“We remain subject to risks and uncertainties as a result of the incident, including as a result of the data that was taken from the company’s network.”
Editorial image credit: T. Schneider / Shutterstock.com