Yum Brands is facing class action litigation in U.S. federal and state courts in connection with the January ransomware attack, the company said in a filing with the Securities and Exchange Commission last week.
The company said several class action lawsuits were filed in April by current and former employees alleging privacy violations in connection with the attack.
The attack forced the Louisville, Kentucky-based fast food operator to close nearly 300 restaurants in the U.K. for a single day in January.
Yum operates or franchises more than 55,000 restaurants around the world under the KFC, Taco Bell, Pizza Hut and Habit Burger Grill brand names.
“In the course of our forensic review and investigation, we identified that some personal information belonging to employees primarily in the U.S. was exposed during the January 2023 cybersecurity incident,” a spokesperson for Yum said via email.
The attack took place on Jan. 13, according to a copy of the consumer disclosure letter filed with California regulators. The company immediately locked down systems, notified federal law enforcement and brought in digital forensics and response experts to probe the attack.
There was no evidence the stolen personal data has been used in any fraudulent activity, according to the disclosure letter.
According to a class action lawsuit filed during mid-April in the U.S. District Court in Louisville, an employee of Charter Brands, a franchisee of Yum, was sent a letter saying the breach may have resulted in the breach of the worker’s name, address, date of birth and Social Security number.
The company and its subsidiaries have more than 23,000 employees in the U.S., according to the lawsuit.
The company said it has incurred expenses related to the response, remediation and investigation of the attack, according to the SEC filing.
Yum does not expect the attack to ultimately have a material adverse effect on its business.
The company is almost done with notification and is offering complimentary monitoring and protection services, according to the spokesperson. There is no indication customer data was impacted, according to the company.