The parent company of KFC, Pizza Hut and Taco Bell, Yum! Brands has confirmed a ransomware attack that leaked company data and shut down 300 restaurants for a day in the United Kingdom.
Yum! Brands said it has implemented protocols to respond to the incident, including taking certain systems offline and implementing enhanced monitoring technology. The company also launched an investigation involving an unnamed outside cyber analysis firm and notified federal law enforcement agencies in the United States.
Yum operates 53,000 restaurants in 155 territories, including 1,000 in the UK. The company has more than $5 billion in assets and records about $1.3 billion in annual profits.
Fortunately, the company quickly got the attack under control as all outlets were back in business within 24 hours.
In fact, « with the ransomware limited to one-third of UK locations and the downtime limited to one day, Yum! Brands fared relatively well, » said Morten Gammelgard, BullWall’s executive vice president for EMEA.
Although the company’s data was stolen, Yum! believes that at this point there is no evidence that customer databases were stolen.
However, Gammelgard questions whether the hackers did not exfiltrate customer data.
« While there is no evidence that customer data was stolen, can we be sure that it was? » notes Gammelgard. « Initial comments from companies affected by ransomware are often changed later, when the attack is thoroughly investigated and more details about the attack are revealed – that’s when data breaches are usually revealed. »
Similarly, David Maynor, senior director of Threat Intelligence at Cybrary, believes Yum’s claim was potentially misleading: « In all seriousness, Yum’s claim that the attackers took the company’s data, but that no user data was compromised is still troubling. »
Meanwhile, Yum said it is working to « fully restore the affected systems » and does not expect any further disruption.
While this incident caused a temporary disruption, the company is not aware of any other restaurant malfunctions and does not expect this event to have a material adverse impact on its business, operations or financial results.
Yum has not disclosed the identity of the actor responsible for the ransomware attack, the amount of extortion demanded and the attack vector used to compromise the company. At this time, the company has also not revealed the nature of the stolen information and the affected branches.
