Fast food giant Yum! Brands, the parent company of well-known chains including KFC, Pizza Hut, and Taco Bell, has issued data breach notification letters to an undisclosed number of individuals whose personal information was compromised in a ransomware attack that took place on January 13, 2023. The company is now providing updated information after its initial statement indicated that it had no evidence of customer data being exfiltrated by the attackers.
Yum! Brands’ breach notification letters, which were sent out starting Thursday, revealed that a detailed review of the incident has uncovered evidence that the attackers were able to steal certain individuals’ personal information. Among the data compromised were names, driver’s license numbers, and other identification card numbers.
“We are writing to provide you with information about a cybersecurity incident involving your personal information that occurred in mid-January 2023,” Yum! Brands stated in the notification letters.
The company explained that its review had determined that some individuals’ files were exposed and that this information included personally identifiable details such as driver’s license numbers or non-driver identification card numbers.
Despite the breach, Yum! Brands emphasized that the ongoing investigation had not found any evidence to suggest that the stolen data has been used for identity theft or fraud. The notification letters read, “While we have no evidence of identity theft or fraud involving your data, we wanted to share some details and offer you some resources that you may find helpful.”
Yum! Brands detailed the steps it took in response to the cybersecurity incident: “Upon discovery, we took steps to lock down impacted systems, notified federal law enforcement authorities, worked with leading digital forensics and restoration teams to investigate and recover from the incident, and deployed enhanced 24/7 detection and monitoring technology.”
Additionally, the company mentioned that it had conducted a comprehensive review with the help of outside specialists to identify individuals whose personal information may have been present in files affected by the attack.
Yum! Brands is contacting affected individuals out of an abundance of caution to provide support and resources, including recommendations for vigilance against identity theft and fraud. It advises individuals to review account statements, monitor credit reports for unauthorized activity, and exercise caution when responding to contacts that request personal or sensitive information.