Fast food provider Yum Brands disclosed a ransomware attack forced the company to shut down almost 300 restaurants in the U.K., the company said in a Wednesday filing with the Securities and Exchange Commission.
After detecting the incident, it immediately took containment measures, which included taking certain systems offline and enhancing its monitoring technology, according to the filing. The firm is actively working to restore affected systems and expects that process to be completed in the coming days.
Yum Brands launched an investigation, hiring industry leading cybersecurity and forensics professionals, the company said in a statement on its website. The company confirmed data was stolen from its network, but said at this time there is no evidence customer databases were stolen.
The Louisville, Kentucky-based firm franchises or operates more than 53,000 restaurants in 155 countries, under the KFC, Taco Bell, Pizza Hut and The Habit Burger Grill. The company said all the affected U.K. restaurants were back open and operational.
The ransomware attack on Yum Brands marks the latest in a series of cyberattacks and data breaches affecting the restaurant and food delivery industries in recent months.
Chick-fil-A earlier this month said it was investigating suspicious activity on the Chick-fil-A One rewards accounts of some of its customers, in a tweet. The company said the incident was not due to a compromise of its internal systems. Five Guys suffered a breach in a September incident that may have compromised applicant data.
The FBI sent out warnings in August about criminals launching credential stuffing campaigns against various businesses, including retailers, restaurants and mobile apps. The targeted businesses tend to be considered less of a priority and could fall victim to automated use of stolen credentials.
Rapid7 researchers noted that mobile apps typically allow more login attempts in order to speed up customer authentication, they said in a blog post released Thursday.
For Yum Brands, the incident marked a temporary disruption, but the company is not aware of any additional restaurant disruption nor does it expect the incident to have a material adverse impact on its business, operations or financial results.
Its posted statements did not include additional details about whether a ransom was paid, how much money was involved or how the threat actors got into the company systems.
In a frequently asked questions page on the Chick-fi-A website, the company said customers should report whether their Chick-fil-A One accounts were being used to make fraudulent mobile orders or create fraudulent redemption or gift rewards.
On a customer support page, Chick-fil-A One members were advised to change passwords if they saw any suspicious activity. The company also advised them to verify whether stored payment cards were used to load unauthorized funds onto their accounts.