Skip to main content
close search
site logo

Yum Brands faces class action suits from employees after ransomware attack

The Taco Bell and KFC operator is facing litigation after some personal data of company employees was stolen in the attack.

Published May 16, 2023
David Jones's headshot
Reporter
Taco Bell exterior
Courtesy of Taco Bell

Yum Brands is facing class action litigation in U.S. federal and state courts in connection with the January ransomware attack, the company said in a filing with the Securities and Exchange Commission last week. 

The company said several class action lawsuits were filed in April by current and former employees alleging privacy violations in connection with the attack. 

The attack forced the Louisville, Kentucky-based fast food operator, to close nearly 300 restaurants in the U.K. for a single day in January. 

Yum operates or franchises more than 55,000 restaurants around the world under the KFC, Taco Bell, Pizza Hut and Habit Burger Grill brand names. 

“In the course of our forensic review and investigation, we identified that some personal information belonging to employees primarily in the U.S. was exposed during the January 2023 cybersecurity incident,” a spokesperson for Yum said via email. 

The attack took place on Jan. 13, according to a copy of the consumer disclosure letter filed with California regulators. The company immediately locked down systems, notified federal law enforcement and brought in digital forensics and response experts to probe the attack. 

There was no evidence the stolen personal data has been used in any fraudulent activity, according to the disclosure letter.

According to a class action lawsuit filed during mid-April in the U.S. District Court in Louisville, an employee of Charter Brands, a franchisee of Yum, was sent a letter saying the breach may have resulted in the breach of the worker’s name, address, date of birth and Social Security number. 

The company and its subsidiaries have more than 23,000 employees in the U.S., according to the lawsuit. 

The company said it has incurred expenses related to the response, remediation and investigation of the attack, according to the SEC filing.

Yum does not expect the attack to ultimately have a material adverse effect on its business. 

The company is almost done with notification and is offering complimentary monitoring and protection services, according to the spokesperson. There is no indication customer data was impacted, according to the company.

Filed Under: Breaches, Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell