article featured image


The US pizza chain California Pizza Kitchen (CPK) allegedly suffered a data breach that exposed the names and Social Security Numbers (SSNs) of over 100,000 current and former employees.

What Is California Pizza Kitchen?

Founded in 1985, California Pizza Kitchen (CPK) is an American casual dining restaurant chain that specializes in California-style pizza.

According to Wikipedia, the chain has over 250 locations in 32 U.S. states, and ten other countries, including 15 California Pizza Kitchen nontraditional franchise concepts designed for airports, universities, and stadiums.

When Did the Breach Happen?

According to a data breach notification, the incident occurred on September 15th when the company observed a disturbance on its systems. As per the notice, the number of persons affected (including residents) has reached 103767.

The pizza chain declared that it took immediate action in order to mitigate and investigate the attack with the help of third-party IT specialists.

The impacted individuals received a notice from CPK stating:

CPK immediately secured the environment and … launched an investigation to determine the nature and scope of the incident.

Although the attack was discovered on September 15th, it wasn’t until October 4th that the chain was able to determine threat actors had managed to obtain access to the company’s systems.

What Data Was Exposed?

According to California Pizza Kitchen, the cyberattack had delivered threat actors the Social Security Numbers (SSNs) of former and current employees, as well as names and other confidential files. Fortunately, there is no evidence that the data obtained was misused by attackers.

There are no details on what kind of breach impacted the pizza chain or how cybercriminals gained access to the network.

At the moment, the firm is analyzing existing security policies and has put into practice supplementary security measures, such as safeguards and staff training, to help prevent similar situations in the future.

The Importance of Employee Training

According to security experts, employee training is a critical factor in preventing breaches like this, which are becoming more common in companies that store private information on their networks. The problem is that these companies frequently hire people without specific knowledge of how security breaches can happen.

Every business like California Pizza Kitchen possesses valuable PII data which makes them a prime target for attackers. To help protect against attacks, enterprises need to ensure their employees practice good cybersecurity hygiene.


The CPK data breach comes after another major data breach from investment platform Robinhood. After their systems were compromised, a threat actor acquired access to the personal information of around 7 million consumers.

Following the Robinhood data breach disclosure, a cybercriminal known as pompompurin’ posted on a hacking forum that the stolen information is available for sale.

Just like many other businesses, California Pizza Kitchen (CPK) had a really hard time during the pandemic. The organization filed for chapter 11 bankruptcy in July 2020 in an effort to reduce its debt.

How Can Heimdal™ Help You?

Data breaches are very common nowadays and system vulnerabilities usually facilitate hackers’ infiltration. That is why a system should be always updated and have the latest patches applied. But what do you do if you cannot keep always track of what patches need to be applied? You use an automated Patch Management Solution.

Heimdal™ has this solution and it’s very efficient because it really saves you time. You will always have control over your software inventory, enabling patch management from anywhere in the world. What’s even cooler is the vendor to end-user waiting time, this means that in less than 4 hours the released patches, tested and repackaged, are available in your Heimdal cloud for deployment. Find more on our website!

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo