KFC, Pizza Hut owner employee data stolen in ransomware attack

Upon learning that attackers accessed and siphoned data in January, Yum! Brands, the fast-food chain operator behind The Habit Burger Grill, KFC, Pizza Hut, and Taco Bell, has begun sending Notice of Security Breach letters to employees whose data were potentially affected.

“We are writing to provide you with information about a cybersecurity incident involving your personal information that occurred mid-January 2023,” says the breach notice. While the company finds “no evidence of identity theft or fraud” involving the stolen data, it says it is contacting employees “out of an abundance of caution” to provide support and resources they might need.

The notice revealed that employee names, driver’s license numbers, and other ID card numbers are among the data that ransomware attackers took.

According to BleepingComputer, Yum! Brands has yet to provide the number of employees whose data threat actors stole during the attack.

The January ransomware attack

Over three months ago, Yum! Brands said it had experienced a ransomware attack that affected its IT systems, forcing it to close fewer than 300 restaurant chains in the UK for a day.

“Promptly upon detection of the incident, the Company initiated response protocols, including deploying containment measures such as taking certain systems offline and implementing enhanced monitoring technology,” the company said in a statement. “The Company also initiated an investigation, engaged the services of industry-leading cybersecurity and forensics professionals, and notified Federal law enforcement.”

In its filing with the Securities and Exchange Commission (SEC) in January, Yum! Brands assured investors that although the attack caused a temporary disruption, there would be no negative financial impact.

“While this incident caused temporary disruption, the Company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results,” the Form 8-K stated.

“…no material adverse effect…”

Yum! Brands continues to believe the ransomware incident will not cause adverse operational or financial effects in the long run.

“While the Company’s response to this incident is ongoing, at this time we do not believe such impact of the incident will ultimately have a material adverse effect on our business, results of operations or financial condition,” the company says in its 2022 annual report to the SEC, which it filed on Friday.

The firm has yet to disclose the ransomware group behind the attack.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected.