Data stolen after ransomware attack on Yum! Brands

Names and license numbers among the sensitive info taken

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Despite initial reports to the contrary, it seems that hackers did manage to steal data from Yum! Brands during a recentransomwareattack.

The parent company of KFC, Pizza Hut, and Taco Bell chains started sending out notifications to affected customers explaining what kind of information was stolen during the attack that took place in mid-January this year.

The notifications read: “Our review determined that the exposed files contained some of your personal information, including [Name or other personal identifier in combination with: Driver’s License Number or Non-Driver Identification Card Number].” This is plenty of information for threat actors to commit acts ofidentity theft.

No evidence of abuse

In the initial report, the company said there was no evidence of customer data having been taken. But now that this has been confirmed, Yum! brands has amended its claim to say there’s no evidence that the stolen data is being actively exploited in the wild.

Clop ransomware may have infected even more victims than previously thought>Saks Fifth Avenue becomes latest Clop ransomware victim>Check out the best malware protection right now

The ransomware attack that happened on January 18 this year forced the company to shut down up to 300 restaurants in one market for a day, according to Yum! Brands' filing with the U.S. Securities and Exchange Commission (SEC). The shutdown “temporarily disrupted” some of its affected systems and resulted in data theft, it also stated.

“We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter.”

“While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results,” it said.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

While the company said it notified affected customers and offered identity theft monitoring solutions in compensation, it did not say exactly how many people were affected by the incident.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This dangerous new malware is hitting Windows devices by hiding in games

Windows PCs targeted by new malware hitting a vulnerable driver

Key Strategies for financial institutions to combat fraud