Yum! recently disclosed that employees` data were exfiltrated in the January 2023 cyberattack.
On January 18th, Yum! Brands closed almost 300 of its restaurants in the UK due to a ransomware attack launched by an unknown malicious group. At the moment, the company announced that the nature of the stolen data was unknown. However, there were no indicators that customer data had been spilled.
On April 6th, due to the ongoing investigation, Yum! disclosed that some employees data was impacted:
In the course of our forensic review and investigation, we identified some personal information belonging to employees was exposed during the January 2023 cyber security incident. We are in the process of sending individual notifications and are offering complimentary monitoring and protection services. We have no indication that customer information was impacted.
Until now, security researchers found no evidence of fraud or identity theft linked to this data. Still, as a caution measure, the company decided to offer two years of credit monitoring and identity protection services to those affected.
The US-based company owns KFC, Pizza Hut, and Taco Bell fast-food restaurant chains, among others, and reported making $1.3 billion in yearly net profit. After the attack, the impacted restaurants were closed for one day and were functional since then, although the affected systems were not yet fully restored at first.
Security Measures That Followed the Ransomware Attack
Yum! Brands notified Federal law enforcement and initiated an investigation. For now, there is no information regarding when did the breach happen and how long did threat actors have access to the compromised networks. At the moment, it is clear that some data was leaked from the Company’s network but until now forensics found no evidence of customers` data being stolen.
According to Yum! Brands, their response protocols included:
- taking offline the affected systems
- enforcing enhanced monitoring technology
Ransomware attacks are usually followed by threat actors` trying to extort their victims. However, Yum! Brands stated that no negative financial impact is expected to happen due to this attack:
While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results.
UK Ransomware Attack Series
At least two other significant ransomware attacks were performed recently on famous UK brands.
Last week, a cyberattack linked to LockBit ransomware hit Royal Mail, the UK’s largest mail delivery service. The incident caused stopping international shipping services.
Another famous victim of ransomware attacks was The Guardian newspaper, which was a target of threat actors a few days before Christmas. Although the website continued to be updated with fresh stories, the management had to ask the employees to work remotely until the incident was resolved.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;