Yum Brands, the parent company of KFC, Pizza Hut, and Taco Bell, has acknowledged that personal identifiable information (PII) was compromised in a ransomware attack that took place in January 2023.
On January 18, Yum Brands disclosed that the cyberattack had resulted in them taking systems offline and closing roughly 300 restaurants in the UK for one day. A filing with the Maine Attorney General’s Office further revealed that PII had been compromised as well.
In a notification letter sent to potentially impacted individuals, Yum Brands stated that personal information such as names, driver’s license numbers, ID numbers, and other types of personal identifiers had been stolen during the attack. Yum added that they had “no evidence of identity theft or fraud” involving the stolen PII.
Yum Brands said that the incident was not expected to impact its operations or financial results, but added that the incident would incur expenses. An 8-K filing with the US Securities and Exchange Commission (SEC) and an annual report filed with the SEC last week both detail this.
Yum has yet to determine the exact number of impacted individuals. SecurityWeek has contacted Yum for an official statement on the incident.
Key Points:
- Yum Brands, parent company of KFC, Pizza Hut, and Taco Bell, has confirmed that PII was compromised in a January 2023 ransomware attack.
- The attack resulted in Yum Brands taking systems offline and closing roughly 300 restaurants in the UK for one day.
- Personal information such as names, driver’s license numbers, ID numbers, and other types of personal identifiers were stolen during the attack.
- Yum Brands has not yet determined the exact number of impacted individuals.
- The incident is not expected to impact Yum Brands operations or financial results, however the incident will incur expenses.