A ransomware attack forced Yum Brands, the parent company of Pizza Hut, Taco Bell, and KFC, to close hundreds of sites in the UK. Yum! Having total assets of over $5 billion and a yearly net profit of $1.3 billion, runs 53,000 restaurants over 155 countries and territories worldwide.
Data from hacked networks is often stolen by ransomware attackers to gain leverage against their victims. In a statement released last week, the company confirmed that hackers had gained access to some IT systems, but it also claimed that there was no proof that any client data had been taken.
According to Yum Brands statement:
Although data was taken from the company’s network and an investigation is ongoing, at this stage, there is no evidence that customer databases were stolen.
In August, the FBI issued alerts about hackers starting campaigns of credential stuffing against a variety of organisations, including shops, restaurants, and mobile apps. The targeted companies are usually given less priority and may be the victim of automated identity thefts.
The Yum Brands ransomware attack is the most recent in a string of cyberattacks and data breaches that have recently affected the restaurant and food delivery businesses.
The company claimed to have informed law enforcement and contacted cybersecurity experts to investigate the matter. Additionally, the company upgraded its monitoring technologies and turned off several systems.
Yum! In a statement to the media, explained:
Promptly upon detection of the incident, the Company initiated response protocols, including deploying containment measures such as taking certain systems offline and implementing enhanced monitoring technology.
The targeted restaurants in the UK are likely to continue working normally without any other issues related to the incident.
The ransomware attack caused a short-term delay for Yum Brands. The company does not believe the incident to have a significantly negative effect on its operations, business, or business outcomes, and it is not aware of any other restaurant delays.
Yum Brands informed investors in an 8-K form submitted to the Securities and Exchange Commission (SEC) that the ransomware attack would have no significantly negative financial effects.
From the company’s SEC report:
While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results.
‘Chick-fil-A’ In a tweet earlier this month, said that it was investigating unusual behaviour on certain of its customers’ Chick-fil-A One rewards accounts. According to the company, the accident was not caused by a breach of its internal systems. In September, Five Guys reported a cyberattack that may have exposed application data.
On its website, Chick-fil-A noted that customers should report any incidents in which their Chick-fil-A One accounts were being misused to place fraudulent mobile orders or generate fake redeem or gift rewards.
Food companies have previously experienced ransomware attacks. The largest meat processing company in the world, JBS SA, located in Brazil, paid hackers who gained access to its computer system in 2021 with money estimated to $11 million.
Successful ransomware attacks are most-often preceded by phishing emails. Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.