Yum! Brands Notifies Customers of Data Breach
Yum! Brands, which owns the restaurant chains KFC, Pizza Hut, Taco Bell, and the Habit Burger Grill, notified affected consumers last week that the company experienced a cybersecurity breach involving unauthorized access to its systems in January. The data breach, which occurred Jan. 13, was discovered March 9, according to the Maine Attorney General's office, where lawyers for Yum! Brands filed a data breach notification. Describing it as a "ransomware attack," the data breach notification didn't list the total number of people affected, only saying 11 Maine residents were affected.
In a letter to affected consumers dated April 6, Yum! Brands Chief Legal and Franchise Officer Scott Catlett said the company has no evidence of identity theft or fraud involving customers' data, but that it was providing complimentary credit monitoring and identity protection services for two years.
Total Retail's Take: The data breach was initially disclosed on Jan. 18, and resulted in Yum! Brands taking systems offline to contain the incident and closing roughly 300 restaurants in the U.K. for one day, the Associated Press reported. The data included the name, driver's license number, or identification card numbers of the affected consumers, according to the Maine Attorney General's office.
Roy Akerman, co-founder and CEO of Rezonate, an identity and access management company, offered his perspective to the news in a statement emailed to Total Retail.
"We repeatedly realize the criticality of a proactive practice to remove excessive access to critical systems holding personally identifiable information (PII) while at the same time the need to continuously monitor for any abnormal attempt to compromise systems," said Ackerman. "Data compromised in a leak may lead to follow-up incidents and further compromise identities."