Yum! Brands Data Stolen After Ransomware Attack

Yum! Brands data was stolen after a ransomware attack. And some of the sensitive info stolen during the attack includes names and license numbers amongst many others.

Yum! Brands Ransomware Attack

Yum! Brands Ransomware Attack

It seems that despite the initial reports to the contrary, hackers did manage to get their hands on Yum! Brands data during a recent ransomware attack.

The company which owns KFC, Taco Bell, and Pizza Hut chains began sending out notifications to impacted customers explaining the type of information that was stolen during the attack that happened in the middle of January this year.

Content of the Notification

The notification sent out read: “Our review determined that the exposed files contained some of your personal information, including [Name or other personal identifier in combination with: Driver’s License Number or Non-Driver Identification Card Number].” And if anything about this is genuine, then this is plenty of information to commit various acts of identity theft by the threat actors.

The Initial Report of the Company

The company in the initial report stated that there was no evidence of customer data being taken. But now that it has now been confirmed, Yum! Brands have reportedly amended their own claim to say that there is no evidence that the stolen data is actively being exploited in the wild.

Yum! Brands Filing With the U.S. Securities and Exchange Commission (SEC)

The ransomware in question happened this year on January 18 and it forced the firm to shut down up to 300 restaurants in one single market for a complete day as per Yum! Brands filing with the U.S. Securities and Exchange Commission (SEC). The reported shutdown disrupted some of its affected systems temporarily and then resulted in data theft, it also revealed.

“We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate, and investigate this matter.”

“While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations, or financial results,” it revealed.

Number of Affected People

And while the company said that it has notified affected customers and has offered identity theft monitoring solutions in compensation, it however did not say just exactly the number of people that were affected by the incident.



Please enter your comment!
Please enter your name here