- In a press release, a spokesperson for Yum advised TechRadar Professional that “In the middle of our forensic assessment and investigation, we recognized some private info belonging to workers was uncovered in the course of the January 2023 cybersecurity incident. We’re within the means of sending particular person notifications and are providing complimentary monitoring and safety companies. We now have no indication that buyer info was impacted.” The unique story continues under.
Regardless of preliminary stories on the contrary, plainly hackers did handle to steal knowledge from Yum! Manufacturers throughout a latest ransomware assault.
The mum or dad firm of KFC, Pizza Hut, and Taco Bell chains began sending out notifications to affected clients explaining what sort of info was stolen in the course of the assault that happened in mid-January this yr.
The notifications learn: “Our assessment decided that the uncovered information contained a few of your private info, together with [Name or other personal identifier in combination with: Driver’s License Number or Non-Driver Identification Card Number].” That is loads of info for risk actors to commit acts of identification theft.
No proof of abuse
Within the preliminary report, the corporate mentioned there was no proof of buyer knowledge having been taken. However now that this has been confirmed, Yum! manufacturers has amended its declare to say there isn’t any proof that the stolen knowledge is being actively exploited within the wild.
The ransomware assault that occurred on January 18 this yr pressured the corporate to close down as much as 300 eating places in a single marketplace for a day, in line with Yum! Manufacturers’ submitting with the U.S. Securities and Alternate Fee (SEC). The shutdown “briefly disrupted” a few of its affected methods and resulted in knowledge theft, it additionally acknowledged.
“We now have incurred, and will proceed to incur, sure bills associated to this assault, together with bills to reply to, remediate and examine this matter.”
“Whereas this incident precipitated short-term disruption, the corporate is conscious of no different restaurant disruptions and doesn’t count on this occasion to have a cloth adversarial impression on its enterprise, operations or monetary outcomes,” it mentioned.
Whereas the corporate mentioned it notified affected clients and provided identification theft monitoring options in compensation, it didn’t say precisely how many individuals had been affected by the incident.
By way of: BleepingComputer (opens in new tab)