Despite early reports to the contrary, it appears hackers have managed to steal sensitive customer information from Yum! Brands in a recent ransomware attack.
The parent company of the KFC, Pizza Hut and Taco Bell chains has started sending notifications to affected customers explaining the type of information stolen in the attack which took place in mid-January this year.
The notifications read: “Our review has determined that the exposed files contain some of your personal information, including [Name or other personal identifier in combination with: Driver’s License Number or Non-Driver Identification Card Number].” That’s a lot of information for threat actors to commit acts of impersonation.
No evidence of abuse
In the initial report, the company said there was no evidence that customer data was taken. But now that it’s been confirmed, yum! brands amended its request to say that there is no evidence that the stolen data is being actively mined in the wild.
The ransomware attack that happened on January 18 this year forced the company to shut down up to 300 restaurants in a market for one day, according to Yum! Trademark filing with the United States Securities and Exchange Commission (SEC). The shutdown “temporarily disrupted” some of its affected systems and resulted in data theft, it also said.
“We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter.”
“While this incident caused temporary disruptions, the Company is not aware of any other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results. “, did he declare.
While the company said it informed affected customers and offered identity theft monitoring solutions as compensation, it did not specify the exact number of people affected by the incident.
Via: BleepingComputer (opens in a new tab)