{"id":628364,"date":"2023-04-12T09:49:45","date_gmt":"2023-04-12T14:49:45","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/04\/12\/kfc-pizza-hut-data-stolen-in-january-ransomware-attack\/"},"modified":"2023-04-12T09:49:45","modified_gmt":"2023-04-12T14:49:45","slug":"kfc-pizza-hut-data-stolen-in-january-ransomware-attack","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/04\/12\/kfc-pizza-hut-data-stolen-in-january-ransomware-attack\/","title":{"rendered":"KFC, Pizza Hut data stolen in January ransomware attack"},"content":{"rendered":"<div id=\"content-header\">\n<h2>Yum!, the parent organisation behind KFC and Pizza Hut in the UK, has disclosed that employee data was accessed and exfiltrated in a January 2023 ransomware attack<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"Alex Scroxton\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a><br \/>\n\t\t\t\t\t\t<span>Security Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>11 Apr 2023 14:45<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>Yum!, the US-based parent organisation of KFC and Pizza Hut, has written to a number of employees whose data was stolen by the undisclosed ransomware gang that attacked its systems in January 2023, <a href=\"https:\/\/www.computerweekly.com\/news\/252529373\/KFC-Pizza-Hut-parent-shuts-UK-restaurants-after-cyber-attack\">resulting in the temporary closure of 300 UK outlets<\/a>.<\/p>\n<p>Upon detecting the initial incident, the organisation\u2019s planned response protocols swung into action. Yum! deployed containment measures to prevent further damage and took affected systems offline, implemented enhanced monitoring, engaged a third-party cyber forensics specialist, and notified US law enforcement.<\/p>\n<p>The organisation said at the time that it was aware that data was taken from its network, but said there was no evidence that customer databases were stolen.<\/p>\n<p>A Yum! spokesperson said: \u201cIn the course of our forensic review and investigation, we identified some personal information belonging to employees was exposed during the January 2023 cyber security incident. We are in the process of sending individual notifications and are offering complimentary monitoring and protection services. We have no indication that customer information was impacted.\u201d<\/p>\n<p>In the letter, dated 6 April, Yum! said that the exposed data included names and personal identifiers linked to driver\u2019s licences and other forms of personal identification.<\/p>\n<p>It added that it has not found any evidence of fraud or identity theft linked to this data, but nevertheless, those affected are being offered two years\u2019 of credit monitoring and identity protection services through <a href=\"https:\/\/www.idx.us\/\">IDX<\/a>.<\/p>\n<section data-menu-title=\"UK impact unclear\">\n<h3><i data-icon=\"1\"><\/i>UK impact unclear<\/h3>\n<p>Despite the initial incident having a UK-wide impact, which saw restaurants around the country unable to trade, the form letter relates to US employees of the organisation.<\/p>\n<p>Computer Weekly understands that the majority of affected employees were in the US, and the Information Commissioner\u2019s Office (ICO) said it had not been notified of an incident. <a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=https-3A__ico.org.uk_for-2Dorganisations_guide-2Dto-2Ddata-2Dprotection_guide-2Dto-2Dthe-2Dgeneral-2Ddata-2Dprotection-2Dregulation-2Dgdpr_personal-2Ddata-2Dbreaches_&#038;d=DwMFAg&#038;c=tEbGsWWjqkBSpaWdXc_mdMSanI1bDu-FKXiKGCfVmPM&#038;r=OtdtH4YHQibTAzHjZLHmgv1-ClJ6pexybHUB-dtxpJ4&#038;m=xgJAYebuy3Lowrt75sve_iLmkZy7dSHHhmJgZkN7UX5yWXF3IXvu29DL11IAYre0&#038;s=vl_h3NttWtWpDk6kpCQH6e4-y2aU8ksox5J9AesysNk&#038;e=\" target=\"_blank\" rel=\"noopener\">Under UK law<\/a>, organisations must notify it within 72 hours of becoming aware of a personal data breach unless said breach does not pose a risk to people\u2019s rights or freedoms. If an organisation chooses not to report a breach it should still maintain a record of it and be prepared to explain why it was not reported.<\/p>\n<p>In its <em>2022 annual report<\/em>, filed earlier in April, Yum! acknowledged that the incident did have a significant impact on its business. It said: \u201cWe have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter.<\/p>\n<p>\u201cWe remain subject to risks and uncertainties as a result of the incident, including as a result of the data that was taken from the company\u2019s network.\u201d<\/p>\n<p>Jon Miller, CEO of anti-ransomware specialist <a href=\"https:\/\/www.halcyon.ai\/\">Halcyon<\/a>, said that the three-month gap between the initial incident and the breach disclosure should not come as a surprise, given how long such investigations take to complete, particularly for public, regulated companies.<\/p>\n<p>\u201cOne would think that \u2013 given how ransomware attacks are designed to reveal themselves to the victim, unlike other attacks \u2013 disclosure of the details would come swiftly. That\u2019s not necessarily the case with these attacks that not only deliver ransomware but are also stealthy data exfiltration operations,\u201d he explained.<\/p>\n<p>\u201cUp to the point the ransomware payload is delivered, there is little difference between these cyber criminal ransomware operations and corporate or government espionage attacks. These are complex, multi-stage operations often involving multiple threat actors.<\/p>\n<p>\u201cTheir goal, like that of their espionage-focused counterparts, are determined to be as quiet as possible while infiltrating as much of the targeted network and exfiltrating as much sensitive data as they can and then leveraging it for a bigger ransom demand,\u201d said Miller.<\/p>\n<p>\u201cIn most respects, the only difference between a corporate espionage operation and a ransomware attack is that in the latter the attackers plan on revealing the attack to the victim in time.\u201d<\/p>\n<p><em>This article was edited at 15:15 on 11 April 2023 to incorporate an official statement from Yum!.<\/em><\/p>\n<\/section>\n<\/section>\n<section id=\"DigDeeperSplash\">\n<h4>\n\t\t\t<i data-icon=\"m\"><\/i>Read more on Data breach incident management and recovery<\/h4>\n<ul>\n<li><a id=\"DigDeeperItem-1\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/feature\/Publicly-disclosed-US-ransomware-attacks-in-2023\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g691204760_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g691204760_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g691204760.jpg 1280w\" alt ><\/p>\n<h5>Publicly disclosed U.S. ransomware attacks in 2023<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/wright_robert.jpg\" alt=\"RobWright\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Rob\u00a0Wright<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-2\" href=\"https:\/\/www.computerweekly.com\/news\/365530204\/LockBit-gang-confirms-Ion-cyber-attack-as-disruption-continues\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/City-of-London-peresanz-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/City-of-London-peresanz-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/City-of-London-peresanz-adobe.jpg 1280w\" alt ><\/p>\n<h5>LockBit gang confirms Ion cyber attack as disruption continues<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-3\" href=\"https:\/\/www.computerweekly.com\/news\/365530214\/Suspected-LockBit-ransomware-attack-causes-havoc-in-City-of-London\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/City-of-London-conorcrowe-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/City-of-London-conorcrowe-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/City-of-London-conorcrowe-adobe.jpg 1280w\" alt ><\/p>\n<h5>Suspected LockBit ransomware attack causes havoc in City of London<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-4\" href=\"https:\/\/www.computerweekly.com\/news\/365530199\/Arnold-Clark-customer-data-was-stolen-in-Play-ransomware-attack\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero Images\/Fotolia-cars_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Fotolia-cars_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Fotolia-cars.jpg 1280w\" alt ><\/p>\n<h5>Arnold Clark customer data was stolen in Play ransomware attack<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<\/ul>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/365535114\/KFC-Pizza-Hut-data-stolen-in-January-ransomware-attack\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Sharie Volkman<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yum!, the parent organisation behind KFC and Pizza Hut in the UK, has disclosed that employee data was accessed and exfiltrated in a January 2023 ransomware attack By Alex Scroxton, Security Editor Published: 11 Apr 2023 14:45 Yum!, the US-based parent organisation of KFC and Pizza Hut, has written to a number of employees whose<\/p>\n","protected":false},"author":1,"featured_media":628365,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25858,23760,46],"tags":[],"class_list":{"0":"post-628364","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-pizza","8":"category-stolen","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/628364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=628364"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/628364\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/628365"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=628364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=628364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=628364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}