Yum Brands confirmed this week that its ransomware attack that primarily impacted the UK market in January also impacted some U.S. employees. Yum’s global headquarters is in Plano, Texas. The company also has offices in Louisville, Kentucky.
About 300 restaurants had to briefly close in the UK market following the initial attack. The company sent data breach notification letters to an undisclosed number of people last month confirming their personal information was stolen in January. The company also filed a notice of a data breach in April noting that an “unauthorized party gained access to consumers’ names and other sensitive information.”
In a statement posted to Yum’s website Thursday, the company said, “Following a January 2023 ransomware attack impacting certain information technology systems, the company quickly initiated response protocols, deployed containment measures and implemented enhanced monitoring technology. The incident, which was quickly resolved, did not result in significant restaurant disruptions, only briefly impacting fewer than 300 restaurants in one international market. Some personal information belonging to employees primarily in the U.S. was exposed, and the company has sent these individuals all legally required notifications and offered complimentary monitoring and protection services. No customer information was impacted. The event had no material impact on business, operations or financial results.”
Yum is one of several restaurant companies recently impacted by such attacks. In early January, several of Chick-fil-A’s customers in the Atlanta area reported their data, including bank account information, was accessed by hackers. McDonald’s was hit by a data breach in 2021, while DoorDash’s recent breach affected nearly 5 million people. Five Guys reported a breach in late 2022 that impacted job applicants.
As consumers – and businesses – become more digital, data breaches have skyrocketed. In Q3 2022, for instance, data breaches globally were up by 70% year-over-year, according to cybersecurity company Surfshark. That said, companies are making progress in fighting these attacks. Data breach numbers in Q1 2023 fell by about 25% versus the previous quarter.
Still, Surfshark finds that the U.S. is the second most breached country in the world, behind Russia, and had 5 million leaked accounts in Q1 2023. There were over 40 million breaches in Q1 across the world.
Contact Alicia Kelso at [email protected]