{"id":88862,"date":"2023-04-11T09:45:00","date_gmt":"2023-04-11T09:45:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=88862"},"modified":"2023-04-11T09:45:00","modified_gmt":"2023-04-11T09:45:00","slug":"kfc-pizza-hut-data-stolen-in-january-ransomware-attack","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=88862","title":{"rendered":"KFC, Pizza Hut data stolen in January ransomware attack"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/04\/kfc-pizza-hut-data-stolen-in-january-ransomware-attack.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Yum!, the US-based parent organisation of KFC and Pizza Hut, has written to a number of employees whose data was stolen by the undisclosed ransomware gang that attacked its systems in January 2023, <a href=\"https:\/\/www.computerweekly.com\/news\/252529373\/KFC-Pizza-Hut-parent-shuts-UK-restaurants-after-cyber-attack\">resulting in the temporary closure of 300 UK outlets<\/a>.<\/p>\n<p>Upon detecting the initial incident, the organisation\u2019s planned response protocols swung into action. Yum! deployed containment measures to prevent further damage and took affected systems offline, implemented enhanced monitoring, engaged a third-party cyber forensics specialist, and notified US law enforcement.<\/p>\n<p>The organisation said at the time that it was aware that data was taken from its network, but said there was no evidence that customer databases were stolen.<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kfc-pizza-hut-owner-discloses-data-breach-after-ransomware-attack\/\">In a new statement provided to <i>Bleeping Computer<\/i><\/a>, a Yum! spokesperson said that during the course of the organisation\u2019s investigation it identified that some personal information relating to employees was exposed. They said the company was still in the process of sending out individual notifications and would be offering complimentary monitoring and protection services.<\/p>\n<p>The spokesperson added that the investigation had still turned up no evidence that any customer data was exposed.<\/p>\n<p>In the letter, dated 6 April, Yum! said that the exposed data included names and personal identifiers linked to driver\u2019s licences and other forms of personal identification.<\/p>\n<p>It added that it has not found any evidence of fraud or identity theft linked to this data, but nevertheless, those affected are being offered two years\u2019 of credit monitoring and identity protection services through <a href=\"https:\/\/www.idx.us\/\">IDX<\/a>.<\/p>\n<section class=\"section main-article-chapter\" data-menu-title=\"UK impact unclear\">\n<h3 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>UK impact unclear<\/h3>\n<p>Despite the initial incident having a UK-wide impact, which saw restaurants around the country unable to trade, the form letter relates US employees of the organisation.<\/p>\n<p>Computer Weekly contacted Yum! seeking to establish the extent of any impact on UK employees, but the organisation had not responded at the time of writing.<\/p>\n<p>The Information Commissioner\u2019s Office (ICO) said it had not been notified of an incident. <a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=https-3A__ico.org.uk_for-2Dorganisations_guide-2Dto-2Ddata-2Dprotection_guide-2Dto-2Dthe-2Dgeneral-2Ddata-2Dprotection-2Dregulation-2Dgdpr_personal-2Ddata-2Dbreaches_&amp;d=DwMFAg&amp;c=tEbGsWWjqkBSpaWdXc_mdMSanI1bDu-FKXiKGCfVmPM&amp;r=OtdtH4YHQibTAzHjZLHmgv1-ClJ6pexybHUB-dtxpJ4&amp;m=xgJAYebuy3Lowrt75sve_iLmkZy7dSHHhmJgZkN7UX5yWXF3IXvu29DL11IAYre0&amp;s=vl_h3NttWtWpDk6kpCQH6e4-y2aU8ksox5J9AesysNk&amp;e=\" target=\"_blank\" rel=\"noopener noreferrer\">Under UK law<\/a>, organisations must notify it within 72 hours of becoming aware of a personal data breach unless said breach does not pose a risk to people\u2019s rights or freedoms. If an organisation chooses not to report a breach it should still maintain a record of it and be prepared to explain why it was not reported.<\/p>\n<p>In its <em>2022 annual report<\/em>, filed earlier in April, Yum! acknowledged that the incident did have a significant impact on its business. It said: \u201cWe have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter.<\/p>\n<p>\u201cWe remain subject to risks and uncertainties as a result of the incident, including as a result of the data that was taken from the company\u2019s network.\u201d<\/p>\n<p>Jon Miller, CEO of anti-ransomware specialist <a href=\"https:\/\/www.halcyon.ai\/\">Halcyon<\/a>, said that the three-month gap between the initial incident and the breach disclosure should not come as a surprise, given how long such investigations take to complete, particularly for public, regulated companies.<\/p>\n<p>\u201cOne would think that \u2013 given how ransomware attacks are designed to reveal themselves to the victim, unlike other attacks \u2013 disclosure of the details would come swiftly. That\u2019s not necessarily the case with these attacks that not only deliver ransomware but are also stealthy data exfiltration operations,\u201d he explained.<\/p>\n<p>\u201cUp to the point the ransomware payload is delivered, there is little difference between these cyber criminal ransomware operations and corporate or government espionage attacks. These are complex, multi-stage operations often involving multiple threat actors.<\/p>\n<p>\u201cTheir goal, like that of their espionage-focused counterparts, are determined to be as quiet as possible while infiltrating as much of the targeted network and exfiltrating as much sensitive data as they can and then leveraging it for a bigger ransom demand,\u201d said Miller.<\/p>\n<p>\u201cIn most respects, the only difference between a corporate espionage operation and a ransomware attack is that in the latter the attackers plan on revealing the attack to the victim in time.\u201d<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>Yum!, the US-based parent organisation of KFC and Pizza Hut, has written to a number of employees whose data was stolen by the undisclosed ransomware gang that attacked its systems in January 2023, resulting in the temporary closure of 300 UK outlets. Upon detecting the initial incident, the organisation\u2019s planned response protocols swung into action. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":88863,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-88862","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88862","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88862"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88862\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/88863"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}