Cyber attack on restaurant chain Bojangles compromised customers’ personal data

North Carolina-based restaurant chain Bojangles said it experienced a data security incident that compromised the sensitive personal information of its customers and employees.

 

In a filing with the Office of Maine Attorney General, Bojangles’ Restaurants, doing business as Bojangles, said that on March 12, it identified suspicious activity affecting its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation subsequently determined that certain files were viewed and downloaded by an unknown actor between February 19, 2024 and March 12, 2024,” reads the notice.

 

While the company did not share the nature of the compromised data or the number of affected individuals, several US-based law firms claimed that the breached data included names, Social Security numbers, driver’s license numbers, government issued ID card numbers, financial account information, medical information, health insurance information and more.

 

“We take this event and the security of information in our care seriously. Upon learning of the event, we moved quickly to investigate and respond, assess the security of our environment, and determine what information was potentially impacted,” Bojangles said.

 

“As part of our ongoing commitment to information security, we reviewed our existing policies and procedures, enhanced certain administrative and technical controls, and provided additional security training to reduce the likelihood of a similar future event,” the restaurant chain added.

 

The company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities. It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

At the time of publishing, no known hacker group has claimed responsibility for the cyber attack on Bojangles.

 

The company has also not shared details on who is behind the attack or if a ransom was demanded.