KFC, Pizza Hut owner discloses data breach after ransomware attack

Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack.

This comes after the company said that although some data was stolen from its network, it has no evidence that the attackers exfiltrated any customer information.

In the breach notification letters sent to affected people starting Thursday, Yum! Brands revealed that it has now found out the attackers stole some individuals' personal information, including names, driver's license numbers, and other ID card numbers.

However, it didn't share if the stolen info belonged to employees or customers and is yet to disclose the exact number of people affected by this data breach.

"We are writing to provide you with information about a cybersecurity incident involving your personal information that occurred in mid-January 2023," Yum! Brands said.

"Our review determined that the exposed files contained some of your personal information, including [Name or other personal identifier in combination with: Driver's License Number or Non-Driver Identification Card Number]."

The company also added that the ongoing investigation had not found evidence that the stolen data had been used for identity theft or fraud.

Roughly 300 restaurants shut down in the U.K.

As a direct result of the January ransomware attack, Yum! Brands was forced to shut down around 300 restaurants in the United Kingdom.

"On January 18, 2023, we announced a ransomware attack that impacted certain IT Systems which resulted in the closure of fewer than 300 restaurants in one market for one day, temporarily disrupted certain of our affected systems and resulted in data being taken from our network," the company said in its 2022 annual report filed with the U.S. Securities and Exchange Commission (SEC) on Friday.

"We have incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter."

In a January filing with the U.S. SEC, Yum! Brands also assured investors the ransomware attack would not cause any notable negative financial impact.

"While this incident caused temporary disruption, the company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results," the firm's SEC report reads.

Yum! Brands and its subsidiaries operate or franchise more than 55,000 restaurants across 155 countries and territories with the help of roughly 36,000 employees worldwide.

A Yum! Brands spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today for more info on the ransomware attack and the number of individuals (employees or customers) affected by this data breach