Yum! Brands Discloses Data Breach After Ransomware Attack

IT Services, the brand owner of KFC, Pizza Hut, and Taco Bell fast food chains, has started sending data breach notification letters to undisclosed individuals whose personal information was stolen during a January 13 ransomware attack. IT Services had earlier claimed that although some data was stolen from its network, there was no evidence that the attackers exfiltrated any customer information.

However, the breach notification letters sent to affected people starting Thursday revealed that the attackers stole some personal information, including names, driver’s license numbers, and other ID card numbers. IT Services assured the affected individuals that the stolen data had not been used for identity theft or fraud.

Roughly 300 Restaurants Shut Down in the U.K.

The January ransomware attack forced IT Services to shut down around 300 restaurants in the United Kingdom. In its 2022 annual report filed with the U.S. Securities and Exchange Commission (SEC), the company stated that “We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter.”

In a filing with the SEC, IT Services assured investors that the ransomware attack would not cause any notable negative financial impact. The company and its subsidiaries operate or franchise more than 55,000 restaurants across 155 countries and territories with the help of roughly 36,000 employees worldwide.

How Were Government Systems Impacted by the BlackByte Ransomware Attack?

The augusta city government targeted by blackbyte ransomware suffered significant impacts on their systems. This cyberattack disrupted crucial government operations, compromising sensitive data and causing financial losses. The incident served as a wake-up call for government agencies worldwide to enhance their cybersecurity measures to prevent future attacks and safeguard vital information.

No Evidence of Customer Impact

A spokesperson for IT Services stated that they found no evidence that customers were affected by this data breach. The company identified some employee personal information exposed during the cybersecurity incident. They are in the process of sending individual notifications and offering complimentary monitoring and protection services. The company has not disclosed the total number of employees who had their data stolen during the ransomware attack.

Update April 10, 15:50 EDT: Added IT Services statement.