California Pizza Kitchen breach affected over 100,000 employees

American fast-food giant California Pizza Kitchen recently wrote to over a hundred thousand current and former employees to inform them that their personal information was compromised in a data breach.

The news first came to light thanks to a data breach notification that appeared on the website of the Attorney General of Maine. As per the notification, the security breach took place on 15 September and affected up to 103,767 individuals.

California Pizza Kitchen has nearly 200 restaurants spread across eight countries and 12 international cities. Founded in 1985, it is known for inventing the “Original BBQ Chicken Pizza”, and also serves a variety of pizzas, pasta, salad, and chicken through its network of restaurants. Owned by private equity firm Golden Gate Capital, it has over 14,000 employees worldwide.

In a letter sent to the affected individuals, California Pizza Kitchen (CPK) said that as soon as it discovered the suspicious activity, it secured its IT environment “with the assistance of leading third-party computer forensic specialists” and “launched an investigation to determine the nature and scope of the incident”.

CPK said that by 4 October, it had determined that certain files on its systems were subject to unauthorized access. These files contained personally identifiable information such as the full names and social security numbers of current and former employees.

“We, therefore, undertook a meticulous review of the potentially impacted files and our internal systems in order to identify the information that was involved and to whom it related. Unfortunately, on October 13, 2021, we determined that certain files containing your information could have been accessed during the event,” CPK added.

In another notification posted to all the affected individuals on 15 November, California Pizza Kitchen said there isn’t any proof that the compromised data has been misused. The company also said that it is currently reviewing its security policies and implementing additional measures to avoid such incidents in the future.

Commenting on the breach suffered by CPK, Danny Lopez, CEO of Glasswall, says that “the California Pizza Kitchen data breach is yet another reminder that employers need to take action in order to protect their employees from having their critical information stolen.

“The solution to preventing incidents like this is two-fold: training and technology. Training plays a vital role in any rounded approach to cyber security by arming as many users as possible to be alert to risks and follow best practices. The problem is, much of these training efforts are little more than an exercise in box-ticking, covering the basics with employers then assuming their staff will remember what they need to do on every single occasion in the future when they are exposed to risk.

“People should understand that protecting their organisation from the impact of a security breach isn’t just about always applying every element of their training on every single occasion, it’s also about raising the alarm if a breach may have occurred without fear of punishment. Whether they are right or wrong, employees should be encouraged to always raise the alarm if something doesn’t feel right.

“On the technology side, taking a proactive, zero trust (never trust/always verify) approach to cybersecurity and having the measures in place to prevent attacks from penetrating your systems is critical. It’s also far more efficient and cost-effective than relying solely on your employees,” he added.


Copyright Lyonsdown Limited 2021
